Application Security | GitHub Launches Fund to Improve Open Source Project Security | GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. | Ionut Arghire, November 20, 2024

Cybercrime | GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains | GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users. | Kevin Townsend, November 12, 2024

Vulnerabilities | GitHub Patches Critical Vulnerability in Enterprise Server | A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances. | Ionut Arghire, October 15, 2024

Identity & Access | Critical Authentication Flaw Haunts GitHub Enterprise Server | GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. | Ryan Naraine, August 21, 2024

Vulnerabilities | GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories | Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third-party cloud services and GitHub repositories. | Ionut Arghire, August 15, 2024

Application Security | GitHub Makes Copilot Autofix Generally Available | GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. | Ionut Arghire, August 15, 2024

Malware & Threats | Network of 3,000 GitHub Accounts Used for Malware Distribution | Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories. | Ionut Arghire, July 25, 2024

Artificial Intelligence | Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW | A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools. | Ryan Naraine, July 16, 2024

Vulnerabilities | GitHub Paid Out Over $4 Million via Bug Bounty Program | The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago. | Eduard Kovacs, June 12, 2024

Vulnerabilities | Critical Authentication Bypass Resolved in GitHub Enterprise Server | A critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges. | Ionut Arghire, May 22, 2024

Malware & Threats | Threat Actors Manipulate GitHub Search to Deliver Malware | Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. | Ionut Arghire, April 12, 2024

Application Security | GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta | GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. | Ionut Arghire, March 21, 2024