all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

Add to bookmarks
May 31, 2022, 4:12 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.
"Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure,"

breach credentials github npm oauth stolen

Visit resource

More from thehackernews.com / The Hacker News

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks 11 hours ago | thehackernews.com
april assets attacks command +19
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike 12 hours ago | thehackernews.com
attack called campaign cobalt +22
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users 16 hours ago | thehackernews.com
app apps baidu chinese +22
CISO Perspectives on Complying with Cybersecurity Regulations 16 hours ago | thehackernews.com
accountability ciso cisos compliance +22
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners 18 hours ago | thehackernews.com
actor antivirus antivirus software avast +22
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers 20 hours ago | thehackernews.com
actor cache campaign cdn +20
Apache Cordova App Harness Targeted in Dependency Confusion Attack 1 day, 11 hours ago | thehackernews.com
actor apache app attack +21
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques 1 day, 14 hours ago | thehackernews.com
attacks breach cybersecurity defenses +23
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases 1 day, 14 hours ago | thehackernews.com
access action call called +30

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs