Bleeping Computer

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. The attacks led to the compromise of thousands of accounts and ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...
GIGAZINE

GitHub Hacked, Desktop App Needs Update

GitHub reported that it detected unauthorized intrusion into repositories related to ' GitHub Desktop ' and ' Atom '. GitHub has invalidated the certificate and is calling for users of GitHub Desktop ...
SecurityWeek

GitHub Boosting Security in Response to NPM Supply Chain Attacks

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

Salesloft says Drift customer data thefts linked to March GitHub account hack

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.