And it could end up being an even bigger supply chain attack than SolarWinds, given that 3CX reports having more than 600,000 customers, double the number of SolarWinds customers at the time of ...

According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...

the workflow, but this is a hassle." As the supply-chain attack demonstrates, many GitHub users weren't following these best practices. Repositories using tj-actions that trusted tags rather than ...

Subsequent investigation showed that the attack was likely made possible via another supply chain attack targeting the "reviewdog/action-setup@v1" GitHub Action. That breach may have compromised a ...

Days after the supply chain compromise of communications software maker 3CX came to light, plenty of important questions remain about the far-reaching attack — which has drawn comparisons to ...

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...

Communications app maker 3CX on Thursday acknowledged that its Windows VoIP app "includes a security issue" and has been the subject of a software supply chain attack, amid reports from ...

The threat actor behind the 3CX supply chain compromise appears to have been targeting cryptocurrency companies with the attack, according to findings from Kaspersky Lab released Monday.

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD ...

Security researchers warn there's another likely supply chain attack underway in GitHub just days after uncovering a hack that subverted a widely used tool in the software development environment.