Security News

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
2024-10-16 05:06

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability,...

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
2024-10-11 17:13

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver...

Clever 'GitHub Scanner' campaign abusing repos to push malware
2024-09-19 11:07

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A...

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
2024-09-06 15:03

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically...

GitHub comments abused to push password stealing malware masked as fixes
2024-08-31 15:21

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
2024-08-22 12:19

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents....

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
2024-08-22 04:48

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges....

You probably want to patch this critical GitHub Enterprise Server bug now
2024-08-21 23:15

Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code A critical bug in GitHub Enterprise Server could allow an attacker to gain unauthorized access...

GitHub Enterprise Server vulnerable to critical auth bypass flaw
2024-08-21 14:15

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
2024-08-15 06:47

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments."A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume," Palo Alto Networks Unit 42 researcher Yaron Avital said in a report published this week.