News

Hosted on MSN1mon
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
"The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for static analysis of bugs in code," Omer Gil, Aviad Hahami ...