CSOonline

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
Yahoo Finance

Sonatype Launches Nexus Repository Cloud for the Gen AI Era

Fulton, Md., Oct. 08, 2025 (GLOBE NEWSWIRE) -- Sonatype®, the leader in AI-centric DevSecOps, today announced the launch of Nexus Repository available in the cloud, the fully managed SaaS version of ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
adtmag.com

JFrog Releases 'Universal' Artifact Repository

JFrog today announced the release of Artifactory 4, its cloud-based binary repository manager, which the company is billing as the first "universal" artifact repository, and the biggest product ...
SDxCentral

Repository for Software Attestation and Artifacts Now Live

Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software ...