Bleeping Computer

GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Infosecurity-magazine.com

Nearly 13 Million Secrets Spilled Via Public GitHub Repositories

Developers accidentally leaked 12.8 million secrets on public GitHub repositories in 2023, a 28% increase on the previous year, according to a new report from GitGuardian. The security vendor claimed ...
TechRepublic

GitHub Universe: Open Source Trends Report and New AI Security Products

GitHub Universe: Open Source Trends Report and New AI Security Products Your email has been sent GitHub Advanced Security gains AI features, and GitHub Copilot now includes a chatbot option. GitHub ...
VentureBeat

Microsoft adds 'critical' feature for GitHub security

A deeper integration between Microsoft Sentinel and GitHub is a win for application security, marking a major step toward helping companies address security challenges in the software supply chain, ...
TechCrunch

JFrog deepens its partnership with GitHub, launches runtime security service

Earlier this year, software supply chain platform (and binary specialist) JFrog announced a partnership with GitHub that, among other things, allowed developers and the teams that support them to ...
ZDNet

GitHub calls for contributions to new cybersecurity Advisory Database

GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts. GitHub senior product manager Kate Catlin explained that the company has teams of ...
CSOonline

GitHub makes Advisory Database public to improve software supply chain security

Researchers, academics, and enthusiasts can now contribute to and benefit from free, open-source security data on software supply chain vulnerabilities. Software development platform GitHub has made ...
Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
CSOonline

GitHub releases new SDLC security features including private vulnerability reporting

GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle. GitHub has announced new security features ...
TechRepublic

GitHub rolling out two-factor authentication to millions of users

GitHub rolling out two-factor authentication to millions of users Your email has been sent GitHub, used by the majority of major tech companies, has announced that it is rolling out 2FA. Acknowledging ...