github

Hackers Ramp up Scans for Leaked Git Tokens and Secrets

Hackers are increasing scans for leaked Git configuration files, which can expose sensitive data like tokens and credentials. A report by GreyNoise highlighted a surge in scans from April 20-21, 2025, with nearly 4,800 unique IPs detected, predominantly from Singapore, the U.S., and Germany. These exposed Git files often lead to significant security breaches, allowing unauthorized access to cloud services and repositories. To mitigate risks, experts recommend blocking access to .git/ directories and monitoring logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/hackers-ramp-up-scans-for-leaked-git-tokens-and-secrets/

Coinbase Was Primary Target of Recent GitHub Actions Breaches

Coinbase was the main target of a GitHub Actions attack that revealed secrets in numerous repositories. Researchers noted that the breach began with malicious code inserted into a GitHub Action, which leaked CI/CD secrets when invoked by other actions. Despite initial successful data access, Coinbase claimed the attack did not harm their assets, and overall, only 218 repositories were impacted out of over 20,000 using the vulnerable action.

https://www.bleepingcomputer.com/news/security/coinbase-was-primary-target-of-recent-github-actions-breaches/

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

Recent details reveal the root cause and impact of the GitHub Actions supply chain hack. The attack compromised the ‘tj-actions/changed-files’ action, affecting over 23,000 repositories, allowing attackers to execute a script that could leak CI/CD secrets. Initial investigations identified the compromise of the ‘reviewdog/action-setup’ action as the root cause, which inadvertently provided an attacker access to a personal access token. The attack initially targeted Coinbase but expanded to a broader scope, potentially affecting about 160,000 dependencies. However, only 218 repositories leaked sensitive information, primarily short-lived tokens. GitHub confirmed no evidence of system compromise and encouraged users to review actions before usage.

https://www.securityweek.com/impact-root-cause-of-github-actions-supply-chain-hack-revealed/

GitHub Action Supply Chain Attack: Reviewdog/action-setup

A GitHub Action supply chain attack involving reviewdog/action-setup has been detected. The attack compromised tj-actions/changed-files and leaked secrets. Wiz Research links the attack to reviewdog/action-setup@v1 and suggests the risk is ongoing. A compromised Personal Access Token allowed modifications. Secrets were visible in CI logs: public repositories exposed their secrets, while private ones potentially retained internal risks. Immediate action is recommended: stop using the affected actions, rotate leaked secrets, and audit workflows. Reference actions by specific commit hashes for security. Wiz offers detection tools for compromised actions and incident monitoring.

https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
