SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

By: The Hacker News Posted On: April 04, 2025 View: 5

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for

Read this on The Hacker News

Latest News

Contact Us

[email protected]

About

Headlines Portal is your source for all news globally.

Latest News

Popular News

Featured News