GitHub
Blog
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to use the…
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. Stars are similar to “Like” buttons on social media sites, allowing GitHub users to favorite a repository. GitHub uses the stars as part of a global ranking system and to show you related…
GitHub just launched a new free tier for its Copilot coding assistant – but only for a select group of developers
GitHub has launched a new free tier of its Copilot AI coding assistant for developers using the Visual Studio Code (VS Code) developer environment. There are limitations, however, and the free offer is intended for occasional users rather than full-time developers, who currently pay $10 a month for access to the AI-powered tool. The offer includes 2,000 code completions and…
GitHub says Copilot improves code quality – but are AI coding tools actually producing results for developers?
Software development has frequently been identified as an area ripe for improvement through generative AI adoption, but a recent study has challenged perceptions around how beneficial AI coding tools are for developers. The data science team at software development specialists Uplevel looked into the impact generative AI coding assistants are having on the efficiency and efficacy of developers. The investigation…
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions.
‘Innocent looking PR’ caught injecting backdoor
On Tuesday, Alex Cheema, co-founder of EXO Labs, warned everyone…
Python just brushed past JavaScript to become the most popular programming language on GitHub – and a key factor is that AI developers love it
Python has overtaken JavaScript to become the most popular programming language on GitHub, according to new figures released by the firm, largely thanks to the rise of machine learning and generative AI. The coding platform revealed that there are now 518 million projects on GitHub, up by a quarter year-on-year, with 5.2 billion contributions to projects over the course of…
“There is no one model to rule every scenario”: GitHub will now let developers use AI models from Anthropic, Google, and OpenAI
GitHub Copilot is going multi-model, with the company unveiling a raft of new options for developers to draw from. Developers will now have the option of using Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s GPT-4o, o1-preview, and o1-mini. They can either go with Copilot’s default, or toggle between models during a conversation with Copilot Chat about the…
Winamp’s Code Pulled From GitHub Following Messy Release
The open-source release of Winamp, a popular audio player, has gone particularly badly. It has been deleted from GitHub, possibly due to the controversy and confusion surrounding it. Llama Group, the current owner of Winamp, released the source code in September 2024. After many issues, Llama Group deleted the entire Winamp repository from GitHub. This comes after a lot of…
New GitHub rules mean users can store code and repository data in the EU
GitHub has unveiled a data residency feature for its Enterprise Cloud service that will allow users to control what regions their code is stored in. The feature will be generally available in the European Union (EU) from October 29 to begin with, and GitHub confirmed the option will be made available to users in Australia, Asia, and Latin America in…
GitHub comments abused to push password stealing malware masked as fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide Rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware. Further review by BleepingComputer found thousands of…