Thousands of open-source code repositories on GitHub could be vulnerable to an old exploit, according to a report from Aqua Security Software Ltd.’s Nautilus research team published this week. Aqua ...
GitHub has a ton of open source options for security professionals, with new entries every day. Add these tools to your collection and work smarter. Whether you are a sysadmin, a threat intel analyst, ...
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery ...
A new phishing tool named “GoIssue” has surfaced on a cybercrime forum, posing a significant threat to GitHub users and the broader software development community. This tool enables cybercriminals to ...
Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
Normally, when you upload a project to GitHub you're free to make revisions to that code at any time. In many cases, that makes sense—something that is under active development will usually need to be ...
A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...
Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers. pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands. Even top-tier security projects like ...
GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total ...