GitHub
GitHub comments abused to push password stealing malware masked as fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide Rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware. Further review by BleepingComputer found thousands of…
GitHub Actions artifacts found leaking auth tokens in popular projects
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 prompted action by owners of…
GitHub had a major outage, but now says its services are ‘fully operational’
GitHub, the popular code repository and developer platform, has recovered after dealing with some major issues on Wednesday that affected its website and many GitHub services. The company has rolled back changes to its database infrastructure that apparently caused the issues and says that services are now “fully operational,” according to an 8:26PM ET status message. GitHub was acquired by…
GitHub wants to stamp out software vulnerabilities once and for all: Copilot Autofix helps developers fix flaws three times faster than manually
GitHub is set on eliminating insecure code with its new offering, Copilot Autofix, a tool designed to automate dealing with software vulnerabilities. Using AI, Autofix analyzes vulnerabilities in code, describes the importance of said vulnerabilities, and then presents users with suggestions to help developers fix each issue as it arises. GitHub found that developers were able to fix software vulnerabilities…