

cstu.io1mo ago
arstechnica.com1mo ago
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud credentials harvested. SSH keys stolen. OIDC tokens minted and exfiltrated before any runner finished. The attacker n
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package
cyberpress.org·Tech by Flipboard·1mo ago·4 min read

hendryadrian.com1mo ago



aikido.dev10mo ago
