CSOonline

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
CoinTelegraph

Hackers are making fake GitHub projects to steal crypto: Kaspersky

Kaspersky found that at least one victim lost 5 Bitcoin, worth around $442,000, to a malware-riddled fake project in November. Hackers are creating hundreds of fake GitHub projects aiming to dupe ...
CSOonline

Most popular generative AI projects on GitHub are the least secure

Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub. Researchers from software supply chain security firm ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...
The Verge

Nintendo has reportedly shut down Ryujinx, the Switch emulator that was supposedly immune

The main competitor to Yuzu, previously shuttered by Nintendo, is now gone too. The main competitor to Yuzu, previously shuttered by Nintendo, is now gone too. is a senior editor and founding member ...
TheServerSide

Why GitHub renamed its master branch to main

Since its inception, the Git DVCS tool's default branch name was set to master. Every Git repository had a master branch unless a developer took explicit steps to remove it, which was rarely ever done ...