Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

The GlassWorm malware has reared its ugly head again in the Open VSX registry, roughly two weeks after being removed.

Wiz has analyzed GitHub repositories pertaining to the world’s largest AI companies and found that many had leaked verified ...

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...

Security biz Wiz says 65% of top AI businesses leak keys and tokens Leading AI companies turn out to be no better at keeping ...

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...

Two separate research studies have found companies are leaking information on GitHub, and the site itself is being targeted.

GitHub has revealed that service disruption in December was due to it rotating credentials after the discovery of a high-severity bug, and warned that some customers may need to take additional action ...

Earlier this year, software supply chain platform (and binary specialist) JFrog announced a partnership with GitHub that, among other things, allowed developers and the teams that support them to ...