News

heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
InfoWorld

GitHub launches Remote MCP server in public preview to power AI-driven developer workflows

With secure OAuth support and real-time repo access, the tool is designed to modernize AI assistant integration in enterprise workflows. GitHub has unveiled its Remote MCP server in public preview, ...
Hackaday

Carry A Git Server In Your Pocket

We love using Git for its superior version control. We often host our more advanced projects in a public Github repository. But the bulk of our little experiments are simply local repos. This is fine ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
TheServerSide

How to Git started and use the Github Desktop app tool

The GitHub Desktop app download and setup process is straightforward. It's a 77 MB download, and the .exe file will install quickly into the C:\Program Files folder. A GitHub Desktop setup screen will ...