GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
After publicly touting pull request limits as a way to cut maintainer noise, GitHub is taking the same idea further with a new setting that lets repository admins restrict issue creation to ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't ...