The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...

According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.… StepSecurity disclosed a compromise of the popular GitHub Action tj ...

Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for ...

"Nation-state hacking has become more in your face," says Cleveland – who now works for network intel infosec outfit ExtraHop ...