This incident underscores the critical need for robust security practices in managing cloud credentials, highlighting potential supply chain vulnerabilities.
The post CISA exposed plaintext passwords and cloud keys on GitHub for six months appeared first on Crypto Briefing.
Faced with the growing volume of submissions to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact, and asking researchers to stop submitting reports that are low quality or about things that aren't its fault.
The cloud-based code repository platform has seen a sharp increase over the past year in submissions that don't demonstrate real security impact, driven by newer tools such as generative AI.
“Not every valid submission represents a meaningful security risk. Some reports identify hardening opportunities or documentation gaps,” Jarom Brown, a senior security researcher at GitHub, wrote in a blog post.
On top of that, he said, many of the reports GitHub receives describe out-of-scope scenarios in which someone experiences an “undesirable” outcome after interacting with malicious content in GitHub.
“These reports are often well-written and technically accurate in their observations, but they misunderstand where the security bo
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes started just before 2 a.m. UTC on May 19. By the time most developers on the East Coast had their first coffee, the damage was already done. Socket’s Threat […]
The post npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed appeared first on Live Bitcoin News.
CISA this year has already started accelerating the deadlines for agencies to patch software bugs posted to the Known Exploited Vulnerabilities (KEV) catalog.
Agentic AI is changing the way users get work done. Following the success of OpenClaw, the community is embracing new open source agentic frameworks. The latest is Hermes Agent, which crossed 140,000 GitHub stars in under three months.
Ord.io will shut down on June 1, 2026, after about three years of operation. The platform served more than 1 million users as a Bitcoin Ordinals explorer. Ord.io plans to open‑source its historical likes, replies, and address data on GitHub. The Bitcoin industry is on the verge of a significant transition as one of the […]
The post Why Ord.io Is Closing Despite Becoming a Top Ordinals Platform appeared first on Live Bitcoin News.
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man’s switch that nukes your system. The attacker’s timing was specific. A fork, a hidden commit, a zero-diff pull request, and then nothing visible for nearly eight hours. On May 11, between 19:20 and 19:26 […]
The post The npm Package That Wipes Your Files When You Try to Stop It appeared first on Live Bitcoin News.