The Hacker News

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for

Apr 4, 2025 - 14:05
 0
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for
Read More

Tags:

Previous Article

NSA chief and US Cyber Command head ousted

Next Article

Microsoft just turned 50, can its dominance last another

Related Posts

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader ...

Feb 20, 2025  0

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Chinese APT Lotus Panda Targets Governments With New Sa...

Mar 5, 2025  0

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Researchers Link CACTUS Ransomware Tactics to Former Bl...

Mar 4, 2025  0