Identity & Access | Critical Authentication Flaw Haunts GitHub Enterprise Server | GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. | Ryan Naraine | August 21, 2024
Vulnerabilities | GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories | Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories. | Ionut Arghire | August 15, 2024
Application Security | GitHub Makes Copilot Autofix Generally Available | GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. | Ionut Arghire | August 15, 2024
Malware & Threats | Network of 3,000 GitHub Accounts Used for Malware Distribution | Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories. | Ionut Arghire | July 25, 2024
Artificial Intelligence | Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW | A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools. | Ryan Naraine | July 16, 2024
Vulnerabilities | GitHub Paid Out Over $4 Million via Bug Bounty Program | The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago. | Eduard Kovacs | June 12, 2024
Vulnerabilities | Critical Authentication Bypass Resolved in GitHub Enterprise Server | Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges. | Ionut Arghire | May 22, 2024
Malware & Threats | Threat Actors Manipulate GitHub Search to Deliver Malware | Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. | Ionut Arghire | April 12, 2024
Application Security | GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta | GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. | Ionut Arghire | March 21, 2024
Vulnerabilities | GitHub Rotates Credentials in Response to Vulnerability | GitHub rotates credentials and releases patches after being alerted to a vulnerability affecting GitHub.com and GitHub Enterprise Server. | Ionut Arghire | January 17, 2024
Application Security | Stolen GitHub Credentials Used to Push Fake Dependabot Commits | Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. | Ionut Arghire | September 27, 2023
Artificial Intelligence | Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages | Exposed data includes backups of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. | Ryan Naraine | September 18, 2023