Technology ❯ Software Development ❯ Version Control ❯ GitHub

GitHub Actions

Coordinated npm Attack Used GitHub Actions Flaws to Push Malicious TanStack Releases

The breach highlights weak points in GitHub Actions workflows that let attackers turn trusted builds into delivery channels.

Stories older than 24h

Bitwarden CLI npm Release Briefly Backdoored in Supply-Chain Campaign

Trivy Supply-Chain Attack Poisons GitHub Action Tags to Steal CI/CD Secrets

Anthropic Launches Multi-Agent Code Review for Claude Code

Shai-Hulud Worm Infects 187 npm Packages, Steals Secrets and Self‑Replicates via Stolen Tokens

Anthropic Revokes OpenAI’s Claude Access and Unveils Opus 4.1