GitHub’s new tool helps prevent costly open-source license violations
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependen...
20 articles
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependen...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands a...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute...
A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthe...
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozil...
An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is invisible to both security agents a...
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database co...
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that ...
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versi...
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versi...
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories...
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "...
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-base...
Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions/checkout to block ‘pwn request...
Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2].
GitHub has implemented a major security enhancement in its Actions ecosystem with the release of actions/checkout v7, which aims to address a long-standing c...
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to ...
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos
42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuousl...
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials