#GitHub
One-Click github.dev Attack Lets Malicious Repos Steal Full GitHub Tokens
One-Click github.dev Attack Lets Malicious Repos Steal Full GitHub Tokens | 2026 Executive Summary Security researcher Ammar Askar disclosed a one-click attack...
Lucas Oliveira
Research
GitHub GHES Signing Key Rotation Puts Admins on the Clock
GitHub GHES Signing Key Rotation Puts Admins on the Clock Executive Summary GitHub warned on May 26, 2026 that administrators running GitHub Enterprise Server (...
Lucas Oliveira
Research
GitHub Action tag hijack turns CI/CD runs into credential theft
GitHub Action tag hijack turns CI/CD runs into credential theft A fresh GitHub Actions supply chain incident is a good reminder that "pinned" does not mean safe...
Lucas Oliveira
Research
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack A supply-chain compromise in Aqua Security’s aquasecurity/trivy-action sho...
Lucas Oliveira
Research
GlassWorm Shifts to Transitive Open VSX Dependencies in Developer Supply-Chain Push
GlassWorm Shifts to Transitive Open VSX Dependencies in Developer Supply-Chain Push GlassWorm is no longer just a story about obviously malicious extensions. Th...
Lucas Oliveira
Research
FakeGit: GitHub malware campaign hits 600+ repos
FakeGit: GitHub malware campaign hits 600+ repos | 2026 Executive Summary A Vietnamese-speaking threat actor has been distributing FakeGit, a GitHub-based malwa...
Lucas Oliveira
Research