CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
The Register on MSN

GitHub moves to tighten npm security amid phishing, malware plague

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
TechRadar

Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...

Blacksmith Raises $10M to Unblock AI Development with Fast CI for GitHub Actions

Continuous Integration (CI) shouldn't be the part of the day developers dread — but too often it's slow, costly, and unpredictable. In the era of AI and AI agents, where iteration speed determines ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated ...