WinBuzzer

GitHub Postpones Self-Hosted Action Runner Fees Following Community Revolt

GitHub has indefinitely postponed its controversial $0.002/minute fee for self-hosted Actions runners after intense backlash, ...
Bleeping Computer

GitHub Action supply chain attack exposed secrets in 218 repos

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
CSOonline

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...