Cyber Daily

GitHub to address npm supply chain as CISA warns of spreading Shai-Hulud worm

Popular code repository GitHub is taking action against hackers targeting popular JavaScript code packages to spread malware.

GitHub is finally tightening up security around npm following multiple attacks

Following a number of recent high-profile attacks and hacking attempts, GitHub has decided to make substantial changes to the ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...
TheServerSide

How to use GitHub Actions secrets to hide your tokens and passwords example

Community driven content discussing all aspects of software development from DevOps to design patterns. One of the ongoing challenges DevOps professionals face when developing continuous integration ...
TechCrunch

Mintlify says customer GitHub tokens exposed in data breach

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create ...
ZDNet

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev

Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month. The company says that hackers broke into its platform and stole GitHub and GitLab OAuth ...
Ars Technica

Hacking Slack accounts: As easy as searching GitHub

A surprisingly large number of developers are posting their Slack login credentials to GitHub and other public websites, a practice that in many cases allows anyone to surreptitiously eavesdrop on ...