GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack.
The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.
A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code.
The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek.
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools.
The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.
Data broker giant LexisNexis Risk Solutions says personal information was stolen from 364,000 people in a December 2024 data breach.
The post 364,000 Impacted by Data Breach at LexisNexis Risk Solutions appeared first on SecurityWeek.
A security researcher has discovered hundreds of leaked secrets by restoring files deleted from GitHub repositories.
The post Files Deleted From GitHub Repos Leak Valuable Secrets appeared first on SecurityWeek.
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek.
Impostazioni privacy
Questo sito utilizza i cookie per migliorare la tua esperienza di navigazione su questo sito.
