The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...

According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.… StepSecurity disclosed a compromise of the popular GitHub Action tj ...

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.

Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories. A malicious commit was detected early Friday, ...