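[CSDN Editor's note] GitHub Actions gives developers great convenience when automating CI/CD tasks. It lets us easily integrate, test, and deploy code; with a simple configuration under .github/workflows/ we can call community or official Actions ...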
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...
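Palo Alto Networks Unit 42 stated in a report: "The attack payload primarily targeted the public CI/CD flow of its open source project agentkit, possibly in order to leverage it for further attacks. However, the attacker was unable to use Coinbase's secrets or publish packages." ...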
According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...
The GitHub Action supply chain compromise that threatened the security of more than 23,000 repositories appears to be linked to a previously undisclosed attack against a second entity last week, ...
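币界网 report: 余弦 of SlowMist posted on X that Coinbase was targeted by a supply chain attack exploiting the GitHub Actions CI/CD mechanism; fortunately the attack did not succeed any further, otherwise the next security incident to make headlines would have been one against Coinbase. The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> steal GitHu ...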
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj ...
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...