Crypto Security Report: March 2025
A GitHub Actions attack hitting 23,000 organizations, a RAT targeting 20 Chrome wallet extensions, DPRK Zoom malware, and more.
Read the full articleYou might also wanna read

Kaspersky uncovers over 250,000 potential security issues in GitHub Actions workflows
The researchers have discovered 8 repositories with critical misconfigurations that could lead to supply chain compromise

The complete GitHub Actions security checklist
GitHub Actions misconfigurations have been behind some of the biggest supply chain attacks of 2025 and 2026. Here's what went wrong and how
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr
Credential threats in April 2026: Supply chain attacks and 28 million exposed secrets
APT28 hijacked 18,000 routers to steal OAuth tokens. Storm-2372 bypassed MFA without touching a password. 28.6 million secrets leaked on Git
GitHub confirms breach of 3,800 repos via malicious VSCode extension
Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - - May 2026 (321 comments) Comments


Comments
Sign in to join the conversation.
No comments yet. Be the first.