The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

The GlassWorm malware has reared its ugly head again in the Open VSX registry, roughly two weeks after being removed.

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

Research by Wiz shows that industry titans, with combined valuations exceeding $400 billion, have left the equivalent of ...

Two separate research studies have found companies are leaking information on GitHub, and the site itself is being targeted.

Wiz has analyzed GitHub repositories pertaining to the world’s largest AI companies and found that many had leaked verified ...

AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still ...

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

The timing of the Octoverse 2025 report release during the conference proved strategic, as it provided attendees with ...

Experts say the leaks highlight how fast-growing AI firms may be prioritizing innovation over basic DevSecOps hygiene, ...

Eficode announced today it has received GitHub's Security Services and Channel Partner of the Year Award for exceptional performance and commitment to their GitHub partnership. The Security Services ...