Over the past two years, generative AI has helped accelerate what programmers can do. Now, GitHub is giving them even more tools. On Monday, the company launched a technical preview of GitHub Copilot …
Mercedes Source Code Exposed by Leaked GitHub Token
RedHunt Labs recently reported that a Mercedes-Benz employee leaked a GitHub token that provided unrestricted access to Mercedes source code stored in an Internal GitHub Enterprise Server. The breach …
Continue Reading about Mercedes Source Code Exposed by Leaked GitHub Token
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack
Tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact supply chain attacks, security …
GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks
On Wednesday, software development giant GitHub announced an enhancement to its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. The …
Continue Reading about GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks
Q&A: GitHub CEO Thomas Dohmke talks AI, supercharging productivity, and the future of software
GitHub CEO Thomas Dohmke is right on the front line of artificial intelligence. GitHub, a software development platform, has been leading the charge in a key area that generative AI will completely …
Microsoft AI researchers accidentally exposed terabytes of internal sensitive data
Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In …
GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees
GitHub observed a North Korean threat actor targeting technology firm employees in a new low-volume social engineering campaign. The hackers invite certain employees to collaborate on GitHub …
Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits
VulnCheck discovered fake security researcher accounts sharing malware disguised as zer0-day exploits for Chrome, Discord, Signal, Whatsapp, and Exchange. The fake accounts mainly operated on GitHub …
Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas
Cryptocurrency custody provider Copper was alerted to a security issue over the Christmas period in December involving the company’s GitHub repository, which contains a blueprint for how the firm …
Continue Reading about Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas
GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them
On Monday, GitHub confirmed that threat actors stole digital certificates used for applications such as Desktop and Atom in a cyberattack that occurred in December 2022. GitHub stated that it …
Continue Reading about GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them