Data Protection | Files Deleted From GitHub Repos Leak Valuable Secrets | A security researcher has discovered hundreds of leaked secrets by restoring files deleted from GitHub repositories. | Ionut Arghire, April 23, 2025
Application Security | GitHub Announces General Availability of Security Campaigns | GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications. | Eduard Kovacs, April 10, 2025
Data Protection | 39 Million Secrets Leaked on GitHub in 2024 | GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected. | Ionut Arghire, April 3, 2025
Supply Chain Security | Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed | More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. | Eduard Kovacs, March 21, 2025
Application Security | Popular GitHub Action Targeted in Supply Chain Attack | The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. | Eduard Kovacs, March 17, 2025
Application Security | GitHub Launches Fund to Improve Open Source Project Security | GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. | Ionut Arghire, November 20, 2024
Cybercrime | GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains | GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users. | Kevin Townsend, November 12, 2024
Vulnerabilities | GitHub Patches Critical Vulnerability in Enterprise Server | A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to vulnerable instances. | Ionut Arghire, October 15, 2024
Identity & Access | Critical Authentication Flaw Haunts GitHub Enterprise Server | GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. | Ryan Naraine, August 21, 2024
Vulnerabilities | GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories | Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third-party cloud services and GitHub repositories. | Ionut Arghire, August 15, 2024
Application Security | GitHub Makes Copilot Autofix Generally Available | GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. | Ionut Arghire, August 15, 2024
Malware & Threats | Network of 3,000 GitHub Accounts Used for Malware Distribution | Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories. | Ionut Arghire, July 25, 2024
Artificial Intelligence | Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW | A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools. | Ryan Naraine, July 16, 2024
Vulnerabilities | GitHub Paid Out Over $4 Million via Bug Bounty Program | The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago. | Eduard Kovacs, June 12, 2024
Vulnerabilities | Critical Authentication Bypass Resolved in GitHub Enterprise Server | A critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges. | Ionut Arghire, May 22, 2024
Malware & Threats | Threat Actors Manipulate GitHub Search to Deliver Malware | Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. | Ionut Arghire, April 12, 2024
Application Security | GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta | GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. | Ionut Arghire, March 21, 2024
Vulnerabilities | GitHub Rotates Credentials in Response to Vulnerability | GitHub rotates credentials and releases patches after being alerted to a vulnerability affecting GitHub.com and GitHub Enterprise Server. | Ionut Arghire, January 17, 2024
Application Security | Stolen GitHub Credentials Used to Push Fake Dependabot Commits | Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. | Ionut Arghire, September 27, 2023
Artificial Intelligence | Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages | Exposed data includes backups of employee workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. | Ryan Naraine, September 18, 2023