The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords.
NewsBytes

Why Microsoft has shut down code repositories on GitHub

Hackers infiltrated Microsoft's open-source projects on GitHub, embedding password-stealing malware into the code, prompting ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.
Forbes

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. GitHub confirms 3,800 repositories breached. GitHub, the cloud-based hosting service used by ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...