GIGAZINE

Unauthorized access to dozens of private repositories including 'npm' occurred on GitHub, what is the damage situation and countermeasures?

The GitHub security team discovered unauthorized access to npm's private repository on April 12, 2022. As a result of investigating the cause of unauthorized access, access tokens to private ...
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...