ZDNet

Google to GitHub: Time's up – this unfixed 'high-severity' security bug affects developers

Google Project Zero, the Google security team that finds bugs in all popular software, has disclosed what it classes a high-severity flaw on GitHub after the code-hosting site asked for a double ...
ZDNet

GitHub launches 'Security Lab' to help secure open source ecosystem

Today, at the GitHub Universe developer conference, GitHub announced the launch of a new community program called Security Lab that brings together security researchers from different organizations to ...
Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...
Bleeping Computer

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. Tracked as ...
Infosecurity-magazine.com

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
Wired

GitHub Takes Aim at Open Source Software Vulnerabilities

Open source software has the potential to be very secure. Unlike proprietary code that can only be accessed directly by its own developers, anyone can vet open source projects to spot flaws and bugs.
CoinDesk

Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky

The GitHub code you use to build a trendy application or patch existing bugs might just be used to steal your bitcoin BTC $87,322.39 or other crypto holdings, according to a Kaspersky report. GitHub ...