GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.
The 2021 Ultimate GitOps Certification Bundle helps you break into this lucrative niche, with 11 full-length video courses packed with information. It's worth $2,200, but you can get the bundle today for only $34.99
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing secrets and credentials to their public GitHub repos.
GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.
GitHub has announced rolling out a mysterious HTTP header on all GitHub Pages sites to block Google FLoC tracking.
GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically.The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, to alter the original code.
GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 years.
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers.
A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.
Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.
This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository.
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script.
Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.
GitHub has announced today that YouTube-dl's repository was reinstated after reversing a Digital Millennium Copyright Act (DMCA) takedown from last month.
A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto mining capabilities.
This morning, GitHub's pristine layout vanished in what looks like a miss on the company's part in renewing an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from loading correctly on GitHub.
GitHub has issued a warning that accounts could be banned if they continue to upload content that was removed due to DMCA takedown notices.
Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday.
GitHub notified DeepSource earlier this month of detecting malicious activity related to the startup's GitHub app after one of their employees fell victim to the Sawfish phishing campaign.