一起影响超过700家组织（包括多家知名网络安全公司）的复杂供应链攻击事件，现已溯源至Salesloft公司GitHub账户在2025年3月遭到的入侵。2025年9月6日的最新通报显示，网络安全公司Mandiant调查确认，攻击者利用这一初始访问权限， ...

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys.

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.

Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed ...

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...

With hackers abusing GitHub to perpetuate their attacks, Microsoft should use AI to clean up its industry-leading software-sharing platform. When you purchase through links on our site, we may earn an ...

Hackers are embedding malware commands in Ethereum smart contracts, disguising them as ordinary blockchain traffic and ...

Hackers are creating hundreds of fake GitHub projects aiming to dupe users into downloading crypto and credential-stealing ...