Mashers steal 3,325 secrets in #GhostAction #GitHub supply chain attack

www.bleepingcomputer.com/news/security/mashers-st...

#potatosecurity #PyPI #npm #DockerHub #Clownflare #AWS

GhostAction Attack Exposes 3,325 Developer Secrets in Massive GitHub Supply Chain Breach

🚨 Another Supply Chain Attack hits the tech world!
The "GhostAction" campaign compromised 327 GitHub users and stole 3,325+ developer secrets through malicious workflows. This is the third major supply chain attack this month!
www.cyberkendra.com/2025/09/ghos...

#supplychain #ghostaction #github

⚠️ GhostAction campaign leaks 3.3k secrets via GitHub actions

Researchers uncovered the #GhostAction supply chain attack: 817 GitHub repos across 327 users were compromised. Malicious workflows exfiltrated 3,325 secrets, including PyPI, npm, DockerHub tokens, for each push or manual trigger.

GhostAction Attack Steals 3,325 Secrets from GitHub Projects Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

#GhostAction attack hit 817 GitHub repos, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

Read: hackread.com/ghostaction-...

#CyberSecurity #GitHub #SupplyChain #PyPI #DockerHub #InfoSec