How safe are your GitHub repositories? If they are public, a set of recent compromises has called their security into question. The widely-used GitHub Actions tool, owned and maintained by Microsoft, has been the source of at least one major supply chain attack.
It is not clear exactly what sort of source code was taken from the GitHub repositories during the security breach, but Slack says that it was not part of the primary codebase.
Another breach of GitHub repositories is causing another big problem for authentication services provider Okta. Client login information does not appear to have been compromised in the breach, but the theft of some amount of source code has raised some concerns about future developments.
Security breach was traced back to an employee that followed a phishing link to a bogus login page and entered their credentials on October 13. The attackers then took the credentials and used them to raid some 130 GitHub repositories belonging to Dropbox.