To prevent similar compromises in the future, pin GitHub Actions to commit hashes instead of version tags and use GitHub's allow-listing feature to restrict unauthorized actions. Those supply chain ...
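Added example, not code from the original article: a Python check for the pinning advice above. It flags `uses:` references that are not pinned to a full 40-character commit SHA and, as an assumption, compares each action against a local allow-list that you keep in step with the policy set in GitHub. The workflow text, the SHA and the `example-org` names are constructed placeholders.

```python
import re

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")        # abbreviated SHAs do not count
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")   # container image digest


def classify(ref):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # action stored in the same repository, nothing to pin
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.search(ref) else "unpinned"
    _, sep, rev = ref.partition("@")
    return "pinned" if sep and FULL_SHA_RE.match(rev) else "unpinned"


def audit(workflow_text, allowed=None):
    """Return (line_number, ref, problem) tuples for one workflow file."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: key (commented-out lines start with '#')
        ref = m.group("ref").strip("\"'")
        kind = classify(ref)
        if kind == "unpinned":
            findings.append((lineno, ref, "not pinned to a full commit SHA"))
        if allowed is not None and kind != "local" and not ref.startswith("docker://"):
            repo = "/".join(ref.split("@")[0].split("/")[:2])  # owner/repo
            if repo not in allowed:
                findings.append((lineno, ref, "action not on the allow-list"))
    return findings


# Constructed sample workflow; the SHA and example-org names are placeholders.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: "actions/setup-python@v5"
      - uses: example-org/deploy-action/sub/path@main
      - uses: actions/cache@0123456
      # - uses: example-org/old-action@v1
      - uses: ./.github/actions/local-lint
"""

if __name__ == "__main__":
    allow = {"actions/checkout", "actions/setup-python", "actions/cache"}
    for lineno, ref, problem in audit(SAMPLE, allowed=allow):
        print(f"line {lineno}: {ref}: {problem}")
```

Run against the files under `.github/workflows/` in CI, a non-empty result is a reason to fail the build.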
GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.