News

The action assumes that there is a file called README.md located at the root of the repository. If this is not the case, the path can be specified with the readme-filepath input. The GitHub repository ...
See our project website for an overview of the workflow example and all components implementing it. To see the diagram in action, you need to choose and launch one diagram client, see here for an ...
The token was stolen by a threat actor on December 6, through a malicious pull request submitted to spotbugs/sonar-findbugs to exploit a GitHub Actions workflow using the pull_request_target trigger ...
"The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for static analysis of bugs in code," Palo Alto Networks Unit 42 said ...
On March 11, 2025, the attacker used the stolen PAT to invite another dummy user (jurkaofavak) into SpotBugs, who pushed a malicious GitHub Actions workflow that exfiltrated another PAT belonging ...
Apart from GitHub's initiatives and improvements, users are also given a list of recommended actions to protect themselves from secret leaks. First, it is suggested that Push Protection be enabled ...