News
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Developers affected by the deprecation of password authentication will need to switch to authentication using personal access tokens through HTTPS or SSH when working with Git, or enable GitHub ...
21hon MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. Researchers at North Carolina State University (NCSU) found [PDF ...
GitHub has taken another step toward ditching passwords by requiring token-based authentication for its command line interface, third-party desktop apps, and other external services that directly ...
Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.
Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk. Slack has become ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback