CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
InfoWorld

GitHub Enterprise adds anonymous Git access, improves configuration visibility

Version 2.14 of GitHub Enterprise, the behind-the-firewall version of GitHub’s code-sharing platform tuned for businesses, improvement configuration visibility and adds anonymous Git read access.
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
ZDNet

GitHub starts blocking developers in countries facing US trade sanctions

There's a debate over free speech taking place after Microsoft-owned GitHub "restricted" the account of a developer based in the Crimea region of Ukraine, who used the service to host his website and ...
CoinTelegraph

Solana bot scam on GitHub steals crypto from users

A fake GitHub repository posing as a Solana trading bot was used to distribute obscured malware that stole crypto wallet credentials, according to cybersecurity firm SlowMist. A GitHub repository ...
InfoWorld

Git smart! 20 essential tips for Git and GitHub users

While there are dozens of get-started guides for Git and users of GitHub see a “pro tip” every time they refresh GitHub.com, it’s still not easy to find a collection of useful tips for developers who ...