The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...

GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...
Bleeping Computer

GitHub repos bombarded by info-stealing commits masked as Dependabot

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...

Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

Someone forgot to change compromised credentials ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
Dark Reading

'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories

A newly identified threat group has weaponized GitHub repositories offering what appear to be legitimate pen-testing and other security tools to deliver malware via malicious build scripts and project ...
Dark Reading

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
CoinTelegraph

GitHub investigates unauthorized access to internal repositories

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...