GitHub now officially requires token-based authentication for its command line interface, third-party apps, and services that access Git repositories hosted on the platform. I've been writing about ...

GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. "As of ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack against GitHub, dubbed ‘GhostAction’. The attack was spotted by security ...

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. Researchers at North Carolina State University (NCSU) found [PDF ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

There's no need to keep going to your browser or a desktop app, do all of your GitHub-ing from the command line. When you purchase through links on our site, we may earn an affiliate commission.