Snowflake deepens AWS tie-up as AI data war with Databricks escalates

Snowflake Inc. SNOW dropped a one-two punch Wednesday evening: a blowout quarter and a $6 billion commitment to Amazon.com ...
SecurityWeek

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
TechRadar

Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

Wiz discovered AWS CodeBuild misconfiguration enabling unauthorized privileged builds, dubbed “CodeBreach.” Flaw risked exposing GitHub tokens and enabling supply chain attacks across AWS projects AWS ...
Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...
Bleeping Computer

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of ...

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and ...

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...