New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
Windows Report

GitHub Confirms Breach After Malicious VS Code Extension Exposed 3,800 Repositories

GitHub confirmed a breach affecting about 3,800 internal repositories after an employee installed a malicious VS Code ...

Malicious npm package targeting OpenAI Codex users steals authentication tokens

The tool gathered over 29,000 downloads before the malicious npm package was identified ...
Infosecurity-magazine.com

GitHub to Enforce Two-Factor Authentication

A code-hosting platform used by tens of millions of software developers worldwide is implementing mandatory two-factor authentication (2FA) for all code contributors. In an announcement shared earlier ...
Bleeping Computer

GitHub to require all users to enable 2FA by the end of 2023

Two-factor authentication increases the security of accounts by introducing an additional step in the login process that requires entering a one-time code. For GitHub users, account takeovers can lead ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.