Security News

GitHub Secure Open Source Fund: Project maintainers, apply now!
2024-11-20 13:38

GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their...

GitHub projects targeted with malicious commits to frame researcher
2024-11-16 15:30

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and...

GoIssue phishing tool targets GitHub developer credentials
2024-11-13 13:36

Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks. Marketed on a cybercrime forum,...

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
2024-11-12 14:00

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed...

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
2024-10-16 05:06

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability,...

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
2024-10-11 17:13

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver...

Clever 'GitHub Scanner' campaign abusing repos to push malware
2024-09-19 11:07

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A...

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
2024-09-06 15:03

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically...

GitHub comments abused to push password stealing malware masked as fixes
2024-08-31 15:21

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
2024-08-22 12:19

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents....