The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been linked to a new campaign aimed at Linux users....
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware...
Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed...
Security researchers are warning of “a trove of sensitive information” leaking through urlscan.io, a website scanner for suspicious and malicious URLs. “Sensitive...
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount...
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers...
An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to potential attacks,...
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal...
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository...
Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens...
The warning comes days after three rogue packages, okhsa, klow, and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM...
If you are reading this, thinking about your personal data or even secrets, you may have bigger problems than you can solve....
Code-hosting platform GitHub on Friday officially announced a series of updates to the site’s policies that delve into how the company deals with...
Around two years back, North Carolina State University researchers discovered [PDF] that over 100,000 GitHub repositories had leaked cryptographic (TLS and SSH)...
So far, Facebook Messenger users in 80 countries have been targeted by this phishing scam, reports Group-IB. The Singapore-based cybersecurity firm Group-IB...
A tool to hunt for credentials in the GitHub wild, AKA git*hunt. Getting started: Install the tool. Configure your GitHub token...
In its latest blog post, the code hosting platform GitHub has announced that it is adding an HTTP header for github.com and...
The database was available for anyone to access without a password. Recently, on October 16, 2019, a team of two dark web...
At the ongoing GitHub Universe event, COO Erica Brescia unveiled a series of announcements focused on securing the open-source code. The major...
Like every year, GitHub has released its annual Octoverse 2019 report where it highlights the major changes and trends in the developer...
It’s that time of year again when GitHub releases its annual Octoverse report and gives us a glimpse of the current state...