A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...

This open-source tool turns your RSS feeds into a static website hosted free on GitHub Pages ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...

Government IT offices now have access to a vast range of open source software resources and developers since GitHub gained FedRAMP operating authority for its Enterprise Cloud, according to a new ...

GitHub Team accounts leave enterprises exposed. eScan enforces corporate-only authentication across all GitHub tiers — no Enterprise plan required. Organizations face an impossible choice. Spend 5x ...

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Attackers have taken over GitHub repositories, copied their contents and then deleted them. The maintainers only found a readme file in the renamed repositories, which prompted them to contact the ...