A security researcher has discovered hundreds of leaked secrets by restoring files deleted from GitHub repositories.
The post Files Deleted From GitHub Repos Leak Valuable Secrets appeared first on SecurityWeek.
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
Critical Authentication Flaw Haunts GitHub Enterprise Server
GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek.
GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories
Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories.
The post GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories appeared first on SecurityWeek.
GitHub Makes Copilot Autofix Generally Available
GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster.
The post GitHub Makes Copilot Autofix Generally Available appeared first on SecurityWeek.
Network of 3,000 GitHub Accounts Used for Malware Distribution
Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories.
The post Network of 3,000 GitHub Accounts Used for Malware Distribution appeared first on SecurityWeek.
Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW
A team of former GitHub engineers has secured $20 million in venture capital funding from Sequoia to build AI-powered security tools.
The post Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW appeared first on SecurityWeek.
GitHub Paid Out Over $4 Million via Bug Bounty Program
The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.
The post GitHub Paid Out Over $4 Million via Bug Bounty Program appeared first on SecurityWeek.
Critical Authentication Bypass Resolved in GitHub Enterprise Server
Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges.
The post Critical Authentication Bypass Resolved in GitHub Enterprise Server appeared first on SecurityWeek.