Megalodon Malware Campaign Poisons Over 5,500 GitHub Repositories
A sophisticated supply chain attack dubbed 'Megalodon' has targeted thousands of GitHub repositories, stealing cloud credentials and CI/CD secrets.
Tag: GitHub Actions
Microsoft Pulls the Plug on Claude Code Licenses to Force Copilot CLI Adoption
Microsoft is winding down Claude Code access for thousands of internal developers, pushing them toward GitHub Copilot CLI to cut costs and consolidate tools.
CISA Under Fire as Contractor Leaks AWS GovCloud Keys on Public GitHub
Lawmakers demand answers after a CISA contractor leaked sensitive AWS GovCloud credentials and internal secrets on a public GitHub repository.
CISA Under Fire After Contractor Leaks Agency Secrets on Public GitHub Repository
Lawmakers are questioning CISA's internal security after a contractor leaked AWS GovCloud keys and internal secrets on a public GitHub account.
CISA Under Fire After Contractor Leaks AWS GovCloud Keys on Public GitHub
Members of Congress are demanding answers from CISA after a contractor exposed critical AWS GovCloud keys and agency secrets via a public GitHub repository.
TeamPCP’s ‘Supply Chain Flywheel’: How a Single Rogue Extension Hit GitHub
Hacker group TeamPCP has compromised thousands of GitHub repositories using a self-perpetuating cycle of poisoned open-source tools.
GitHub Internal Repositories Exfiltrated After Poisoned VS Code Extension Attack
GitHub reports a breach involving a poisoned VS Code extension, leading to the exfiltration of internal repositories. Attackers claim 3,800 repos stolen.
GitHub Confirms Internal Repository Breach Following ‘Poisoned’ VS Code Extension Attack
GitHub reports internal code exfiltration after a malicious VS Code extension breach. TeamPCP claims 3,800 repositories were stolen.
GitHub Investigating Major Breach After Threat Actor Claims Access to 4,000 Internal Repositories
GitHub is investigating unauthorized access to internal repositories after the threat group TeamPCP claimed to have exfiltrated proprietary source code.
GitHub Confirms Breach of 3,800 Internal Repositories After Employee Installs Malicious VS Code Extension
GitHub confirms that a poisoned VS Code extension on an employee's device led to the exfiltration of approximately 3,800 internal repositories.