A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...

GitHub has announced that its enterprise-focused secret scanning tool for private repositories is now generally available. The Microsoft-owned code-hosting platform first debuted secret scanning for ...

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin ...

Security researchers say 5,500 GitHub repositories have been affected by the attack.

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Exposing hard-coded credentials and sensitive secrets through public code repositories has been a major security risk for organizations for years, with over 10 million new instances of credential ...

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform. Secret scanning is a security ...

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.