Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Research by Wiz shows that industry titans, with combined valuations exceeding $400 billion, have left the equivalent of ...
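Using compromised GitHub accounts, attackers send developers highly convincing phishing emails that lure them into handing over personal access tokens (PATs) or even control of their entire accounts. More worrying still, these emails do not come from suspicious domains or spoofed senders; they are sent from GitHub's official servers, carry valid DKIM signatures and standard SMTP headers, and can bypass almost all traditional email security gateways. This "precision hunt" targeting the software supply chain is quietly under way.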
Two separate research studies have found companies are leaking information on GitHub, and the site itself is being targeted.
Wiz has analyzed GitHub repositories pertaining to the world’s largest AI companies and found that many had leaked verified ...
The GlassWorm malware has reared its ugly head again in the Open VSX registry, roughly two weeks after being removed.
GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still ...
Earlier this year, software supply chain platform (and binary specialist) JFrog announced a partnership with GitHub that, among other things, allowed developers and the teams that support them to ...
GitHub’s AI agents in Copilot promise faster delivery, but enterprises need guardrails and access policies to avoid uneven ...
GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository. The software development and version control service says, the ...
The timing of the Octoverse 2025 report release during the conference proved strategic, as it provided attendees with ...