GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...

External authentication providers were enabled in netlify-cms version 0.4.3. Check your web console to see your netlify-cms version. netlify-cms has its own github OAuth client. This implementation ...

Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration ...

If a user reports that they cannot see resources owned by their organization after authorizing your GitHub App and the organization uses SAML SSO, instruct the user to start an active SAML session for ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...

A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in Github. A Russian security researcher was ...

A phishing campaign on GitHub with fake security alerts has attempted to trick about 12,000 developers into installing a malicious OAuth app. This app then allows hackers to gain full access and ...

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.