Hosted on MSN

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.… StepSecurity disclosed a compromise of the popular GitHub Action ...
Cyber Daily

GitHub to address npm supply chain as CISA warns of spreading Shai-Hulud worm

Popular code repository GitHub is taking action against hackers targeting popular JavaScript code packages to spread malware.
CSOonline

Python GitHub token leak shows binary files can burn developers too

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
InfoWorld

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...
Bleeping Computer

GitHub deprecates account passwords for authenticating Git operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. This change was first announced last year, in July, when GitHub said ...
TheServerSide

Was GitHub's password authentication removal an overstep?

Community driven content discussing all aspects of software development from DevOps to design patterns. I can’t help but think GitHub went a little too far with its removal of password based ...