GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
Bleeping Computer

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...
TechRadar

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

GhostAction attack stole 3,325 secrets from 327 GitHub accounts GitGuardian helped shut it down and alerted affected projects A separate NPM attack hit 2,000 accounts but was unrelated Thousands of ...
TechCrunch

Salesloft says Drift customer data thefts linked to March GitHub account hack

Salesloft said a breach of its GitHub account in March allowed hackers to steal authentication tokens that were later used in a mass-hack targeting several of its Big Tech customers. Citing an ...
Business Insider

Crypto Airdrops 2025 | How to Find and Claim Free Crypto Tokens

Crypto airdrops are typically available to users who hold specific coins, complete certain actions, or participate in testnets. You can find upcoming airdrops by checking crypto airdrop aggregator ...
The New York Times

How FIFA already made millions on 2026 World Cup tickets before putting them on sale

FIFA has made millions of dollars selling fans the “right to buy” 2026 World Cup tickets before putting the actual tickets on sale. Soccer’s global governing body withheld nearly all World Cup ...