github
117 articles with this tag
[HIGH] Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
[HIGH] Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
[HIGH] Laravel Lang Supply Chain Advisory
[CRITICAL] Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
[CRITICAL] npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
[INFO] TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583
[HIGH] HOW CISA leaked public passwords
[HIGH] Megalodon chums the waters in 5.5K+ GitHub repo poisonings
[HIGH] Lawmakers Demand Answers as CISA Tries to Contain Data Leak
[CRITICAL] Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
[HIGH] A hacker group is poisoning open source code at an unprecedented scale
[HIGH] Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
[INFO] FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
[HIGH] VS Code WARNING: 3800 repos hacked
[HIGH] Senator urges classified briefing after CISA data leak on GitHub
[HIGH] GitHub Actions Cache Poisoning is eating open source
[HIGH] GitHub ~3,800 internal repos compromised through a malicious VS Code extension
[HIGH] Grafana Labs Says Code Breach Stemmed from TanStack Attack
[MEDIUM] CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
[HIGH] GitHub links repo breach to TanStack npm supply-chain attack
[HIGH] GitHub Confirms Breach, 4K Internal Repos Stolen
[HIGH] Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
[MEDIUM] GitHub says internal repositories were taken in poisoned VS Code extension attack
[HIGH] GitHub hit by a compromised VSCode extension
[HIGH] GitHub confirms breach of 3,800 repos via malicious VSCode extension
[CRITICAL] Risky Business #838 -- GitHub investigates possible breach
[HIGH] GitHub investigates internal repositories breach claimed by TeamPCP
[CRITICAL] GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
[HIGH] CISA credential leak raises alarms, and Capitol Hill demands answers
[HIGH] In stunning display of stupid, secret CISA credentials found in public GitHub repo
[HIGH] America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
[INFO] GitHub scales back bug bounties, reminds users security is their responsibility too
[CRITICAL] GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
[INFO] AI might cut false positives, but it won’t stop the slop
[HIGH] CISA Admin Leaked AWS GovCloud Keys on Github
[MEDIUM] Grafana Labs discloses GitHub environment breach, source code downloaded
[MEDIUM] TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
[HIGH] Attackers accessed, downloaded code from Grafana Labs’ GitHub
[MEDIUM] Grafana Confirms Breach After Hackers Claim They Stole Data
[HIGH] Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
[HIGH] Hunting the Behavior Behind npm Supply Chain Attacks
[HIGH] Trusted by default: The npm attack pattern security teams miss
[MEDIUM] Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
[INFO] Risky Business #837 -- GitHub Actions footgun claims TanStack
[HIGH] CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
[MEDIUM] SailPoint GitHub repo hit by third-party cyberattack
[MEDIUM] SailPoint Discloses GitHub Repository Hack
[INFO] NHS to close-source hundreds of GitHub repos over AI, security concerns
[CRITICAL] Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
[MEDIUM] Cloned, Loaded, and Stolen: How 109 Fake GitHub Repositories Delivered SmartLoader and StealC
[HIGH] Google: Addressing max severity Gemini CLI bug may require further action
[HIGH] EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
[CRITICAL] GitHub vulnerability CVE-2026-3854 allows code execution with a single git push
[HIGH] GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash
[CRITICAL] GitHub fixes RCE flaw that gave access to millions of private repos
[CRITICAL] Critical GitHub RCE bug exposed millions of repositories
[CRITICAL] Critical GitHub Vulnerability Exposed Millions of Repositories
[CRITICAL] Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
[CRITICAL] CI/CD pipeline abuse: the problem no one is watching
[HIGH] Ongoing supply-chain attack 'explicitly targeting' security, dev tools
[HIGH] Scylla & Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575
[CRITICAL] Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission
[MEDIUM] CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
[HIGH] CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes
[HIGH] Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity
[INFO] GitHub lays out copyright liability changes and upcoming DMCA review for developers
[INFO] Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
[HIGH] Two Admin-level API keys publicly exposed for years, both dismissed as "Out of scope" by official bug bounty programs. Case analysis + proposed NHI Exposure Severity Index
[LOW] 29 million leaked secrets in 2025: Why AI agents credentials are out of control
[HIGH] Renovate & Dependabot: The New Malware Delivery System
[HIGH] OpenClaw gives users yet another reason to be freaked out about security
[HIGH] Using undocumented AWS CodeBuild endpoints to extract privileged tokens from AWS CodeConnections allowing lateral movement and privilege escalation through an organisation's codebase
[HIGH] Claude Code leak used to push infostealer malware on GitHub
[HIGH] Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
[HIGH] Cisco source code stolen in Trivy-linked dev environment breach
[HIGH] Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
[LOW] Microsoft Copilot is now injecting ads into pull requests on GitHub
[INFO] AI frenzy feeds credential chaos, secrets spread through code, tools, and infrastructure
[INFO] GitHub adds AI-powered bug detection to expand security coverage
[LOW] We scanned 900 MCP configs on GitHub. 75% had security problems.
[MEDIUM] GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead
[INFO] GitHub leans on hybrid detection model to expand vulnerability coverage
[HIGH] Agent skill marketplace supply chain attack: 121 skills across 7 repos vulnerable to GitHub username hijacking, 5 scanners disagree by 10x on malicious skill rates (arXiv:2603.16572)
[HIGH] Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
[HIGH] Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets Attackers
[HIGH] From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
[CRITICAL] GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
[HIGH] The rise of malicious repositories on GitHub
[HIGH] Supply-chain attack using invisible code hits GitHub and other repositories
[INFO] Secrets are Rare not Random
[MEDIUM] Xygeni GitHub Action Compromised Via Tag Poison
[HIGH] Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
[CRITICAL] RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
[MEDIUM] NCSC-2026-0067 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server
[HIGH] How “Clinejection” Turned an AI Bot into a Supply Chain Attack
[HIGH] [NEW] [high] Microsoft GitHub Enterprise Server: Multiple vulnerabilities allow bypassing security measures
[HIGH] Compromising Cline's Production Releases just by Prompting an Issue Triager
[MEDIUM] Leaking secrets from the claud: AI coding tools are leaking secrets via configuration directories
[LOW] Open source maintainers being targeted by AI agent as part of ‘reputation farming’
[HIGH] [Analysis] Massive Active GitHub Malware Campaign | Hundreds of Malicious Repositories Identified