The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Homeland Security Today

Alexis Wales Appointed Chief Information Security Officer at GitHub

Alexis Wales has been named Chief Information Security Officer (CISO) at GitHub according to an announcement on her LinkedIn profile, further solidifying her leadership role in the tech industry’s ...
SiliconANGLE

GitHub adds more security and automation features to Enterprise Server

Microsoft Corp.’s GitHub unit today updated its GitHub Enterprise Server platform with an array of new features designed to streamline software development projects. GitHub, which was acquired by ...
CSOonline

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...
Security

GitHub Advanced Security integrates Endor Labs for end-to-end application security

Endor Labs today announced a critical partnership with GitHub, the platform for software developers to create and share code. In an environment where the number of Common Vulnerabilities and Exposures ...
Cryptopolitan on MSN

Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
ZDNet

GitHub calls for contributions to new cybersecurity Advisory Database

GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts. GitHub senior product manager Kate Catlin explained that the company has teams of ...
The Hacker News

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code ...
Infosecurity-magazine.com

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

GitHub confirmed on Monday that threat actors stole three digital certificates used for its Desktop and Atom applications during a cyber-attack in December 2022. Writing in a blog post, the company ...
CoinTelegraph

How cybercriminals use YouTube and GitHub to spread crypto malware

In the ever-evolving landscape of cyber threats, two platforms traditionally viewed as safe spaces for content creation, learning and open-source collaboration have become targets for distributing ...
The Register on MSN

AI companies keep publishing private API keys to GitHub

Security biz Wiz says 65% of top AI businesses leak keys and tokens Leading AI companies turn out to be no better at keeping ...
Dark Reading

Lessons From the GitHub Cybersecurity Breach

No one likes to hear the B-word: breach. Developers definitely don't want to hear that word in relation to a platform they use day in and day out. When GitHub revealed details about a security breach ...