News
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Code hosting service GitHub has updated its platform this week, and among the many developer-centric changes, the company also rolled out three new security features for project owners. The most ...
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
The Technology Modernization Fund Board will invest a total of $94.8 million in three projects increasing network security for critical services at separate agencies. “This Administration is on a path ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...
GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle. GitHub has announced new security features ...
Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback