News
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...
3don MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.
The leaked token, accidentally embedded by the company’s employee in a public repository, might have provided an attacker ...
Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. It's currently not ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting ...
JFrog and GitHub link a range of tools and functions to secure code, deployment and supply chain – with Copilot and in ...
Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Whether directly or indirectly, nearly all organizations depend on ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback