CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that...
GitHub
![[un]prompted 2026 – Breaking The Lethal Trifecta (Without Ruining Your Agents)](https://securityboulevard.com/wp-content/uploads/2018/01/TwitterLogo-002.jpg)
Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign
The command line interface (CLI) of the popular Bitwarden open source password manager is the latest target the ongoing Checkmarx...
GitHub Actions Supply Chain Attack: Trivy Breach & Workflow
The post GitHub Actions Supply Chain Attack: Trivy Breach & Workflow appeared first on Grip Security Blog. Since the end...
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31,...
Phishing LNK files and GitHub C2 power new DPRK cyber attacks
Phishing LNK files and GitHub C2 power new DPRK cyber attacks Pierluigi Paganini April 06, 2026 DPRK-linked hackers use GitHub...
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in...
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known...
Massive GitHub malware operation spreads BoryptGrab stealer
Massive GitHub malware operation spreads BoryptGrab stealer Pierluigi Paganini March 08, 2026 Trend Micro found BoryptGrab stealer spreading through 100+...
Beware of fake OpenClaw installers, even if Bing points you to GitHub
Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver...
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the...
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious...
ClawBands GitHub Project Looks to Put Human Controls on OpenClaw AI Agents
A software engineer has created a lightweight plugin on GitHub aimed at ensuring greater human control of the actions...
NDSS 2025 – Rethinking Trust In Forge-Based Git Security
Session 9D: Github + OSN Security Authors, Creators & Presenters: Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New...
