News

Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...
SecurityWeek

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...

Max severity Argo CD API flaw leaks repository credentials

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve ...
Security Boulevard

The Nx “s1ngularity” Attack: Inside the Credential Leak

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
Cybernews

How the Salesforce breaches unfolded: root causes identified

A single compromised GitHub account allowed hackers to breach hundreds of companies, including major tech and cybersecurity ...