Bleeping Computer

Recent GitHub supply chain attack traced to leaked SpotBugs token

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...
Bleeping Computer

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. Salesloft is a widely ...
TechCrunch

Salesloft says Drift customer data thefts linked to March GitHub account hack

Salesloft said a breach of its GitHub account in March allowed hackers to steal authentication tokens that were later used in a mass-hack targeting several of its Big Tech customers. Citing an ...
CoinTelegraph

Huge ‘screw-up’ — Pump Science apologizes after flood of fraud tokens

Pump Science partially blamed Solana-based software firm BuilderZ for leaving the private key to the dev wallet address on GitHub for the public to see. Update (Nov. 28, 9:48 pm UTC): This article has ...