Dark Reading

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

Salesforce subsidiary Heroku on Thursday said that the threat actor that stole Heroku GitHub integration OAuth tokens in April also accessed an internal database containing hashed and salted passwords ...
ZDNet

Heroku to begin user password reset almost a month after GitHub OAuth token theft

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...