Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
Infosecurity Magazine2d
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...
The Hacker News2d
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
SecurityWeek3d
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Hackaday2d
This Week In Security: Target Coinbase, Leaking Call Records, And Microsoft Hotpatching
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...
The Hacker News2h
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
PoisonSeed exploits CRM credentials to spread cryptocurrency seed phrase attacks, risking major wallet compromises.
AMBCrypto6d
AMBCrypto March 2025 report: Government Bitcoin, retail pressure & the altcoin divide
Leadership of Bitcoin over altcoins: Bitcoin’s dominance rose as it weathered March’s turbulence better than most altcoins, ...
Hackaday2d
Security Hacks
We know a bit more about the GitHub Actions supply chain attack from last ... The conclusion is that Coinbase was the initial target of the attack, with the open source agentkit package first ...