The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation ...
CISA GitHub credential leak exposed AWS GovCloud admin keys, plaintext passwords, and an RSA private key for six months via a ...
A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.
On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...
Following every major outage there is discussion of GitHub alternatives, with some organizations moving to self-hosted code repositories and/or CI/CD. GitHub is sticky though, par ...
A malicious npm package has been caught leaking its own hardcoded GitHub token, a blunder that let researchers watch the operator's data theft unfold from the inside. The package, named ...
Morning Overview on MSN
Hackers just hit @antv inside wave 4 of the TeamPCP worm — the same crew that walked off with 3,800 of GitHub’s internal repositories two weeks ago
Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.
Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results