Security News

Acuity confirms hackers stole non-sensitive govt data from GitHub repos
2024-04-05 15:32

Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data. Acuity is a tech consulting firm with almost 400 employees and a $100+ million annual revenue that provides DevSecOps, cyber security, data analytics, and operations support services to federal civilian national security customers.

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
2024-03-25 11:58

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord...

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws
2024-03-21 10:30

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort...

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code
2024-03-20 18:52

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, Typescript, Java, and Python.

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer
2024-03-16 12:31

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub,...

90% of exposed secrets on GitHub remain active for at least five days
2024-03-15 05:30

12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub
2024-03-13 09:43

A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public...

Over 12 million auth secrets and keys leaked on GitHub in 2023
2024-03-12 15:23

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. In terms of which sectors leaked the most secrets, IT tops the list with the lion's share of 65.9%, followed by education with a notable 20.1%, and all others combined accounting for 14%. GitGuardian's generic detectors, which caught about 45% of all secrets the firm detected in 2023, are analyzed as follows.

GitHub push protection now on by default for public repositories
2024-03-04 14:10

GitHub push protection - a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online - is being switched on by default for all public repositories.Since the beginning of this year, GitHub has detected over 1 million leaked secrets on public repositories, the company also shared.

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
2024-03-01 05:29

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push...