Security experts claim that the publicly listed exchange Coinbase was the primary target in the GitHub Action supply chain attack. According to the cybersecurity firms analyzing the incident ...

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. As previously ...

The threat actors in the GitHub Action supply chain attack were targeting Coinbase as part of their initial wave, according to a report from Palo Alto Networks Unit 42. Researchers from Wiz ...

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...

Coinbase successfully thwarted a supply chain attack targeting its open-source AI toolkit, agentkit. However, Coinbase’s swift response, along with support from security experts, prevented any serious ...

"The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack was initiated against tj ...