News

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Developers affected by the deprecation of password authentication will need to switch to authentication using personal access tokens through HTTPS or SSH when working with Git, or enable GitHub ...
Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
GitHub now officially requires token-based authentication for its command line interface, third-party apps, and services that access Git repositories hosted on the platform.
Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.
Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk.
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.