News

CSOonline2y

Software projects face supply chain security risk due to insecure ...

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.
CSOonline2mon

GitHub Actions attack renders even security-aware orgs vulnerable

Security risks associated with GitHub Actions workflows are not new. Still, researchers from Sysdig have identified dozens of vulnerable projects, including ones from high-profile security-aware ...
Infosecurity-magazine.com2y

Malicious Actors Exploit GitHub to Distribute Fake Exploits

A series of malicious GitHub repositories masquerading as legitimate security research projects have been discovered. VulnCheck researcher Jacob Baines shared the findings in a new advisory published ...
Ars Technica1mon

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
TechRepublic1y

GitHub Universe: Open Source Trends Report and New AI Security Products

GitHub Advanced Security gains some AI features, and GitHub Copilot now includes a chatbot option. Github Copilot Enterprise is expected in February 2024.
ZDNet5y

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm ...

Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month. The company says that hackers broke into its platform and stole GitHub and GitLab ...