Bleeping Computer

GitHub restores popular Python repo hit by bogus DMCA takedown

Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. First released fifteen years ago, SymPy is an open ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Ars Technica

Auth error trying to copy a repo with Github Actions

So, thanks to a helpful Github employee on StackOverflow, I learned that GHA has a couple of helpful "features" that were tripping me up: - The 'checkout@v2' action by default only does a minimal ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...