Security

Latest from today

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud environments.

By Taryn Plumb

Dec 9, 20256 mins

Cloud SecurityGitHubSecurity

Articles

Contagious Interview attackers go ‘full stack’ to fool you

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.

By Shweta Sharma

Dec 1, 2025 4 mins

Code SecuritySecuritySecurity Practices

Cloud fragility is costing us billions

The complex interconnectedness of cloud services means companies may not even realize their vulnerabilities. Don’t let an outage catch you off guard.

By David Linthicum

Nov 28, 2025 5 mins

Business ContinuityCloud ComputingCritical Infrastructure

Security researchers caution app developers about risks in using Google Antigravity

The tool for creating agents has vulnerabilities, say experts; Google says it will post known issues publicly as it works to address them.

By Howard Solomon

Nov 27, 2025 8 mins

Artificial IntelligenceDevelopment ToolsVulnerabilities

OpenAI admits data breach after analytics partner hit by phishing attack

Mixpanel warns of phishing attacks after criminals steal email addresses and organization IDs from some customer profiles.

By John E. Dunn

Nov 27, 2025 5 mins

APIsCyberattacksData Breach

Kazakhstan’s SOS 102: Redefining Public Safety Through Innovation

By IDC

Jan 23, 2025 4 mins

Security

Developers left large cache of credentials exposed on code generation websites

The discovery by a security company reveals widespread insecure use of online tools in enterprises.

By John E. Dunn

Nov 25, 2025 5 mins

DeveloperDevelopment ToolsRoles

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.

By Howard Solomon

Nov 24, 2025 7 mins

GitHubVersion Control SystemsVulnerabilities

How pairing SAST with AI dramatically reduces false positives in code security

In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool.

By Vaibhav Agrawal

Nov 20, 2025 6 mins

Development ToolsDevopsVulnerabilities

North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes

The long-running Contagious Interview campaign is now hiding BeaverTail and InvisibleFerret payloads inside JSON storage services.

By Shweta Sharma

Nov 17, 2025 3 mins

Development ToolsMalwareSecurity

Spam flooding npm registry with token stealers still isn’t under control

Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.

By Howard Solomon

Nov 14, 2025 7 mins

Application SecurityOpen SourceSecurity

Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Flaws replicated from Meta’s Llama Stack to Nvidia TensorRT-LLM, vLLM, SGLang, and others, exposing enterprise AI stacks to systemic risk.

By Shweta Sharma

Nov 14, 2025 3 mins

Artificial IntelligenceSecurityVulnerabilities

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name.

By Shweta Sharma

Nov 12, 2025 4 mins

CybercrimeDeveloperMalware