Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
InfoWorld

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Bleeping Computer

Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is ...