A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than ...

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

What if the Python programming language itself was malicious? It would be the most devastating supply chain attack in human history - but it almost happened after an important GitHub token was ...

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...