News

The Hacker News18d
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub - The Hacker News
Terefos told The Hacker News that they flagged "approximately 500 GitHub repositories, including those that are forked or copied," adding "We've also seen 700 stars produced by approximately 70 ...
VentureBeat1mon
Anthropic overtakes OpenAI: Claude Opus 4 codes seven hours nonstop, sets record SWE-Bench score and reshapes enterprise AI - VentureBeat
Anthropic's Claude Opus 4 outperforms OpenAI's GPT-4.1 with unprecedented seven-hour autonomous coding sessions and record-breaking 72.5% SWE-bench score, transforming AI from quick-response tool ...
PE Hub1mon
JC Flowers-backed Jefferson Capital files to go public | PE Hub
The number of shares that will be sold as well as the stock’s pricing terms have yet to be determined Jefferson Capital plans on trading the stock on the Nasdaq under the ticker symbol “JCAP ...
komonews1mon
CVS to acquire & operate 64 Rite Aid stores in the PNW, buy customer prescription files
SEATTLE — CVS Pharmacy has announced its agreement to buy the prescription files of 625 Rite Aid pharmacies across 15 states, as well as 64 physical Rite Aid stores in Idaho, Oregon, and Washington.
SecurityWeek2mon
Files Deleted From GitHub Repos Leak Valuable Secrets
Security researcher Sharon Brizinov earned $64,000 in bug bounties after finding hundreds of secrets leaking in dozens of public GitHub repositories. What makes Brizinov’s findings special is that the ...
Infosecurity-magazine.com3mon
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise - Infosecurity Magazine
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
Infosecurity-magazine.com3mon
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns
CVE-2024-55591 was added to CISA’s KEV catalog in January. Exploited Flaw in Crucial Github Action Framework Alongside the Fortinet vulnerability, CISA added CVE-2025-30066 to its KEV catalog. This ...
Bleeping Computer3mon
GitHub Action hack likely led to another in cascading supply chain attack - BleepingComputer
Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories.
Bleeping Computer3mon
Supply chain attack on popular GitHub Action exposes CI/CD secrets - BleepingComputer
On March 15, 2:00 PM UTC, GitHub removed the compromised action, and at 10:00 PM UTC on the same day, the repository was restored with the malicious code having been removed.
InfoWorld3mon
Thousands of open source projects at risk from hack of GitHub Actions tool - InfoWorld
That warning came after researchers at StepSecurity found that all versions of the tj-actions/changed-files utility up to 45.0.7 had been modified by a threat actor on March 14. Normally this tool ...
SecurityWeek3mon
Popular GitHub Action Targeted in Supply Chain Attack
On March 15, GitHub removed the tj-actions/changed-files action and restored it on the same day after the malicious commit was removed from all tags and branches. Tj-actions developers and the ...
The Record3mon
GitHub restores code following malicious changes to tj-actions tool
GitHub restores code following malicious changes to tj-actions tool GitHub was forced to take action this weekend to help users after a threat actor compromised a popular open source package used by ...