News
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.
In addition to SAST integration, JFrog’s Runtime Security now offers real-time monitoring within GitHub Actions that focuses on the security of applications in production environments.
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback