InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
DataBreachToday

APIs Demand Dynamic Security, Not Static Controls

API security is evolving fast as AI, new architectures and distributed teams reshape how developers build and secure modern ...
Morningstar

Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories

New capability for the Salt Illuminate™ platform moves discovery "From Code to Context," identifying risky MCP servers and shadow APIs before deployment. With GitHub Connect, Salt enables customers to ...
CSOonline

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...
CNBC

8 reasons why people take out personal loans, and what to consider if you do

Few Americans have the cash they need on hand to pay for big-ticket items upfront. That's why it's not unusual for people to take out mortgages, car loans and student loans, so they can pay for these ...