The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...
Bleeping Computer

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...
Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development ...