News

CSO Online4d
GitHub Actions attack renders even security-aware orgs vulnerable
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by ...
CSO Online1d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
Infosecurity Magazine3d
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Discovered by ReversingLabs, the campaign reflects a shift in open-source software supply chain attacks. While overall ...
InfoWorld3mon
Thousands of open source projects at risk from hack of GitHub Actions tool
App development teams who use a popular utility in the GitHub Actions ... detect file changes in a repository, but a GitHub advisory says the change executes a malicious Python script that allows ...
Bleeping Computer10mon
GitHub Actions artifacts found leaking auth tokens in popular projects
The discovery by Palo Alto Networks' Unit 42 prompted action ... FILE' property is set to 'True.' Ultimately, attackers would seek to exploit specific race condition scenarios where the ephemeral ...