Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

The vulnerability was spotted in August 2025, so users should patch now.
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
TechRadar

Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...