Commit Stomping – An Offensive Technique Let Hackers Manipulate Timestamps in Git to Alter...
A lesser-known feature of Git, dubbed "Commit Stomping," allows users to manipulate commit timestamps, potentially disguising malicious or unauthorized changes in a repository’s history.
While not a bug or vulnerability, Commit Stomping...
Hackers Actively Attacking Git Configuration Files From 4,800+ IPs
A notable increase in malicious scanning for exposed Git configuration files has been observed, posing significant risks of codebase theft and credential exposure for organizations around the globe.
Security researchers at GreyNoise Intelligence have documented...
New Sakura RAT Emerges on GitHub, Successfully Evading AV & EDR Protections
A new Remote Access Trojan (RAT) called Sakura has been published on GitHub. Due to its sophisticated anti-detection capabilities and comprehensive system control features, Sakura is raising significant concerns in the cybersecurity community.
The malware,...
39M Secret API Keys & Credentials Leaked from GitHub – New Tools to Revamp...
GitHub has revealed that over 39 million secrets were leaked across its platform in 2024 alone, prompting the company to launch new security tools to combat this persistent threat.
The exposed secrets include API keys,...
CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories
A significant vulnerability in GitHub's CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories.
The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts...
Beware of Fake GitHub “Security Alerts” Let Hackers Hijack Your Account Login Credentials
A widespread phishing campaign is currently targeting GitHub repositories with fake security alerts, potentially compromising thousands of developer accounts.
Cybersecurity experts warn that these sophisticated attacks could grant hackers complete control over victims' code repositories...
CISA Warns of Supply-Chain Attack Targeting Widely-Used GitHub Action Vulnerability
CISA warns of a critical vulnerability affecting the popular GitHub Action "tj-actions/changed-files" and has added it to its Known Exploited Vulnerabilities Catalog.
The supply chain attack, tracked as CVE-2025-30066 with a CVSS score of 8.6, potentially exposed sensitive CI/CD...
Beware! AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials
A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous information-stealing malware.
This operation exploits GitHub’s trusted reputation to bypass...
GitHub Details How Security Professionals Can Use Copilot to Analyze Logs
GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data.
The tool now demonstrates unprecedented capabilities in parsing security event information, identifying...
New GitHub Scam With Thousands of “mods” & “cracks” Steal Your Data
A sophisticated malware operation exploiting GitHub's repository system has been uncovered, leveraging fake software cracks and gaming mods to deploy the Redox information stealer across 1,100+ repositories.
The campaign utilizes social engineering tactics and code...