Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
InfoWorld

What is GitHub Actions? Automated CI/CD for GitHub

GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
Bleeping Computer

GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
Morningstar

GitLab Signs Strategic Collaboration Agreement with AWS to Deliver Secure DevSecOps to ...

All Remote – GitLab Inc., the most comprehensive, intelligent DevSecOps platform, announced today that it has signed a three-year, strategic collaboration agreement (SCA) with Amazon Web Services (AWS ...
Yahoo Finance

JFrog Named GitHub’s 2025 Tech Partner of the Year, Powering the Future of DevSecOps, and ...

JFrog to showcase its extensive set of GitHub integrations, including JFrog Fly - the industry’s first agentic artifact repository - at GitHub Universe in San Francisco "Developers are experiencing a ...