The Register on MSN

GitHub walks back plan to charge for self-hosted actions runners

Engineers cried foul over plan to charge $0.002/min. updated Following publication of our original article, GitHub reversed ...

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Techzine Europe

Microsoft gives guidance on Shai-Hulud 2.0 supply chain attack

The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warning about it on ...