Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Dark Reading

'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories

A newly identified threat group has weaponized GitHub repositories offering what appear to be legitimate pen-testing and other security tools to deliver malware via malicious build scripts and project ...
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Dark Reading

Why Attackers Target GitHub, and How You Can Secure It

Last week Okta announced a security breach that involved an attacker gaining access to its source code hosted in GitHub. That's just the latest example in a long string of attacks gaining access to ...