Bleeping Computer

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. The attacks led to the compromise of thousands of accounts and ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...