Mastodawn

Olly 👾Oct 7, 2025

#PyPI invalidates Tokens stolen in #GhostAction #Supply #Chain #Attack

The Python Software Foundation team has confirming that the threat actors didn't abuse them to publish malware. These tokens are used to publish packages on the PyPI, a software repository that acts as the default source for Python's package management tools.

https://blog.pypi.org/posts/2025-09-16-github-actions-token-exfiltration/

#it #security #privacy #engineer #media #python #programming #developer #tech #news

TechNadu Sep 19, 2025

⚠️ PyPI revokes all tokens stolen in the GhostAction supply chain attack
Malicious GitHub Actions exfiltrated tokens
- No PyPI packages compromised
- Developers advised to use short-lived Trusted Publisher tokens

💬 How do you safeguard DevOps pipelines against supply chain threats?

Follow @technadu for updates.

#CyberSecurity #SupplyChainAttack #PyPI #Python #DevSecOps #GhostAction #OpenSourceSecurity #TokenSecurity #GitHubActions

Cyber Kendra

Sep 9, 2025

🚨 Another Supply Chain Attack hits the tech world!
The "GhostAction" campaign compromised 327 GitHub users and stole 3,325+ developer secrets through malicious workflows. This is the third major supply chain attack this month!
https://www.cyberkendra.com/2025/09/ghostaction-attack-exposes-3325.html
Swipe to see the attack timeline and what developers need to do NOW to protect themselves.
#supplychain #ghostaction #github

GhostAction Attack Exposes 3,325 Developer Secrets in Massive GitHub Supply Chain Breach

A supply chain attack dubbed " GhostAction " has compromised 327 GitHub users across 817 repositories, successfully exfiltrating 3,325 sensitive credentials, including PyPI, npm, and DockerHub tokens. Security firm GitGuardian discovered t…

Cyber Kendra