In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and publishing rules.
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...
GhostAction attack stole 3,325 secrets from 327 GitHub accounts. GitGuardian helped shut it down and alerted affected projects. A separate NPM attack hit 2,000 accounts but was unrelated. Thousands of ...
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident ...
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing. GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to ...
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account, Salesloft has revealed. The sales engagement firm said in ...
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than 3000 secrets, according to GitGuardian. The security vendor ...
The Chhattisgarh Congress filed a police complaint after an unidentified man trespassed into state president Deepak Baij's residence, ignoring security and filming the property. The party expressed ...
Security investigators uncovered a sweeping supply chain campaign named GhostAction that compromised 327 GitHub user accounts across 817 repositories on 5 September 2025. Attackers inserted ...