"The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack was initiated against tj ...

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. As previously ...

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...

The threat actors in the GitHub Action supply chain attack were targeting Coinbase as part of their initial wave, according to a report from Palo Alto Networks Unit 42. Researchers from Wiz ...

Researchers claim primary target of a recent cascading supply chain attack was Coinbase The cryptocurrency exchange was not compromised, but hundreds of other projects might suffer The attack went ...

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than ...

Proper secrets management could have prevented or reduced the impact of the Oracle Cloud & Coinbase breaches-- learn what ...

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...