GitHub supply chain attack spills secrets from 23K projectsA supply chain attack affected the tj-actions/changed-files GitHub Action, leading to potential leakage of sensitive information from projects.
Fake LDAPNightmare exploit on GitHub spreads infostealer malwareA misleading PoC exploit on GitHub is distributing infostealer malware by exploiting user trust and interest in vulnerability assessments.