News

Security Boulevard6h

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
Hosted on MSN5mon

These fake GitHub "security alerts" could actually let hackers ... - MSN

Cybercriminals are faking security alerts on GitHub to get unsuspecting users to install malicious applications and lose their work, experts have warned.
InfoWorld10d

A wake-up call for identity security in devops

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...
Morningstar4mon

Opsera's New Advanced Security Dashboard Improves GitHub Security ...

New security dashboard works as a single pane of glass with Opsera's broader GitHub offerings SAN FRANCISCO, May 1, 2025 /PRNewswire/ -- Opsera, the AI-powered DevOps platform trusted by top ...
The Register on MSN7d

GitHub engineer claims team was 'coerced' to put Grok into Copilot

Platform's staffer complains security review was 'rushed' Microsoft-owned collaborative coding platform GitHub is deepening ...
Ars Technica1mon

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
SD Times1y

GitHub’s Copilot Autofix generates remediation fixes for code ...

GitHub is rolling out a new feature to not only help developers find vulnerabilities, but fix them quickly. Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains ...
InfoQ1y

GitHub Advanced Security Generally Available for Azure DevOps

Microsoft announced the general availability of GitHub Advanced Security for Azure DevOps, allowing users to integrate code, secret, and dependency scanning into their Azure Repos and benefit from ...
SD Times5mon

GitHub introduces security campaigns to help developers reduce security ...

Security teams can adds risks that need to be addressed to a security campaign, which is then shared with developers who are impacted.
Infosecurity-magazine.com2y

Malicious Actors Exploit GitHub to Distribute Fake Exploits

A series of malicious GitHub repositories masquerading as legitimate security research projects have been discovered. VulnCheck researcher Jacob Baines shared the findings in a new advisory published ...
Bleeping Computer2y

GitHub revokes code signing certificates stolen in repo hack

GitHub says that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning ...
Bleeping Computer2y

GitHub’s secret scanning alerts now available for all public repos

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.