#githubsecurity

roxsross

@roxsross.bsky.social

1 week ago

🔍 Cómo escanear vulnerabilidades con el framework de IA de código abierto de GitHub Security Lab

github.blog/security/how-to-scan-for...

#GitHubSecurity #VulnerabilityScanning #AppSec #RoxsRoss

CyberMaterial

@cybermaterial.bsky.social

2 weeks ago

OpenClaw: The AI Agent Security Crisis Happening Now
Read More: buff.ly/czeeI6L

#OpenClaw #AIAgentSecurity #OpenSourceRisk #GitHubSecurity #AutonomousAgents #AIsecurity #DevSecOps #ThreatDetection

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

Critical AWS CodeBuild flaw exposed GitHub repositories to potential hijacking. Learn how this vulnerability was discovered and mitigated. #AWS #CyberSecurity #CodeBuild #GitHubSecurity Link: thedailytechfeed.com/aws-codebuil...

ToxSec

@toxsec.bsky.social

3 months ago

New campaign spotted: Attackers abuse
GitHub-hosted Python repos to spread PyStoreRAT, a sneaky JavaScript Remote Access Trojan. Devs, vet those dependencies!
#MalwareAlert #GitHubSecurity

ReconBee

@reconbee.bsky.social

4 months ago

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories npm-stat data it has been downloaded a total read more about Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories reconbee.com/researchers-...

#malicious #npmpackage #GitHub #githubsecurity #repositories #cybersecurity #cyberattack

Gavin Johnson-Lynn

@gavinjl.bsky.social

4 months ago

How do you build up trust in a public GitHub Repository?

#cybersecurity
#githubsecurity
#SupplyChainSecurity
#securecoding

Opsera

@opseraio.bsky.social

5 months ago

How AI Is Revolutionizing Cybersecurity Risk Assessment

Discover how GitHub Advanced Security (GHAS) combined with AI analytics is transforming how development teams assess and quantify security risks.

👉 Watch the whole webinar: www.youtube.com/watch?v=hPn6...

#CyberSecurity #GitHubSecurity

The Daily Tech Feed

@thedailytechfeed.com

5 months ago

Alert: Malicious GitHub repos mimicking Malwarebytes, LastPass, Citibank, and SentinelOne are distributing malware. Verify sources before downloading. #CyberSecurity #MalwareAlert #GitHubSecurity Link: thedailytechfeed.com/malicious-gi...

ReconBee

@reconbee.bsky.social

5 months ago

GitHub notifications abused to impersonate Y Combinator for crypto theft Batch (W2026) served as the campaign's bait read more about GitHub notifications abused to impersonate Y Combinator for crypto theft

GitHub notifications abused to impersonate Y Combinator for crypto theft reconbee.com/github-notif...

#githubsecurity #GitHub #cryptotheft #cyberattack

Deploy Harmlessly

@deployharmlessly.bsky.social

5 months ago

Post-quantum security for SSH access on GitHub GitHub is introducing post-quantum secure key exchange methods for SSH access to better protect Git data in transit.

🤔Ever wondered how galaxy-travelers safeguard their cosmic treasures? GitHub tackles post-quantum security for SSH ✨🔒, prepping for the future's spicy computing challenges! #PostQuantum #SSH #GitHubSecurity 🌟

Ethan Troy

@ethantroy.com

5 months ago

Stop Echoing Batman's Secrets Instead of echoing your secrets in your actions use the official Github Google Cloud Action

hackidle.com/stop-echoing...

#CICD #Github #GithubSecurity #GithubActions #Pipelines #CloudSecurity

The Daily Tech Feed

@thedailytechfeed.com

6 months ago

Critical RCE vulnerability in CodeRabbit exposed over 1M repositories. Swift action taken to mitigate risks. #CyberSecurity #RCE #CodeRabbit #GitHubSecurity Link: thedailytechfeed.com/critical-rce...

HackerNoon

@hackernoon.com

7 months ago

Why GitHub Commits Aren’t as Private as You Think

GitHub's repo network can expose deleted or private commits. Learn how forks, SHAs, and metadata can leak your secrets even after cleanup. #githubsecurity

DevOpsCon | Community & Conferences

@devopscon.bsky.social

7 months ago

🚨 23.8M secrets leaked via public GitHub.
One repo = total prod compromise.

Christian Schneider drops the hard truth.

🔐 Want to secure your CI/CD pipelines and defend your infrastructure?
➡️ Join #DevOpsCon New York → https://devopscon.io/new-york/

#GitGuardian #DevSecOps #GitHubSecurity #CIrisks

Pure Tech

@puretech.news

7 months ago

GitHub abused to distribute payloads on behalf of malware-as-a-service Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets....

GitHub abused to distribute payloads on behalf of malware-as-a-service #Technology #Cybersecurity #Malware #CyberThreats #GitHubSecurity

Naoya

@naoyacreates.bsky.social

8 months ago

AIMindUpdate News!
Downloading hacking tools? Beware! Banana Squad hides malware in trojanized GitHub repositories. Learn how to protect yourself.#BananaSquad #GitHubSecurity #Malware

Click here↓↓↓
aimindupdate.com/2025/06/25/b...

Naoya

@naoyacreates.bsky.social

8 months ago

AIMindUpdate News!
GitHub users beware! "Banana Squad" is injecting malware into popular repos. Protect your code now! #GitHubSecurity #MalwareAlert #CyberThreat

Click here↓↓↓
aimindupdate.com/2025/06/22/g...

Naoya

@naoyacreates.bsky.social

8 months ago

AIMindUpdate News!
GitHub users beware! "Banana Squad" is injecting malware into popular repos. Protect your code now! #GitHubSecurity #MalwareAlert #CyberThreat

Click here↓↓↓
aimindupdate.com/2025/06/22/g...

Naoya

@naoyacreates.bsky.social

8 months ago

AIMindUpdate News!
GitHub users beware! "Banana Squad" is injecting malware into popular repos. Protect your code now! #GitHubSecurity #MalwareAlert #CyberThreat

Click here↓↓↓
aimindupdate.com/2025/06/22/g...

Naoya

@naoyacreates.bsky.social

8 months ago

AIMindUpdate News!
GitHub users beware! "Banana Squad" is injecting malware into popular repos. Protect your code now! #GitHubSecurity #MalwareAlert #CyberThreat

Click here↓↓↓
aimindupdate.com/2025/06/22/g...

FreelanceBar.me

@freelancebarme.bsky.social

8 months ago

Secrets, tokens, and full takeovers: what Sysdig just uncovered in GitHub will terrify open-source teams A single line of code could allow hackers to breach MITRE and Splunk

Sysdig exposed significant security gaps in GitHub workflows which could result in project hijacking and secret theft. #GitHubSecurity #SysdigIncident www.techradar.com/computing/artificial-int...

Hacker News Companion

@hncompanion.com

9 months ago

A Hacker News discussion debated a reported exploit of GitHub's MCP (Machine Communication Protocol). It allegedly allowed unauthorized access to private repos. The core debate: Was it a true exploit, user error, or prompt injection? #GitHubSecurity 1/6

Hacker News Companion

@hncompanion.com

9 months ago

Overview: HN discussion on a GitHub MCP/LLM vulnerability. LLMs tricked via prompt injection using broad access tokens can leak private repo data into public spaces. Core issue: broad permissions & 'Always Allow' on tool calls. #githubsecurity 1/6

The DefendOps Diaries

@defendopsdiaries.bsky.social

11 months ago

GitHub's Security Tools Expansion: A New Era in Software Protection | The DefendOps Diaries GitHub expands security tools, democratizing access to protect codebases and enhance risk management for all organizations.

GitHub is shaking up code security after 39 million secrets leaked—now every team can access standalone tools backed by AI and major cloud partners. Curious how this could reshape digital protection?

#githubsecurity
#softwareprotection
#secretmanagement
#cybersecuritytools
#infosec

Technijian

@technijian.bsky.social

11 months ago

Urgent Warning: OAuth Attacks Target Microsoft 365 & GitHub OAuth Attacks on Microsoft 365 and GitHub are escalating fast. Discover how fake Adobe, DocuSign, and GitHub apps are compromising user...

🚨 OAuth Attacks are on the rise! Cybercriminals are targeting #Microsoft365 & #GitHub using fake Adobe & DocuSign apps to steal credentials and..

🔗 technijian.com/microsoft/oa...

#CyberSecurity #OAuthAttack #CloudSecurity #PhishingAlert #Technijian #GitHubSecurity #InfoSec #ThreatIntel #DataBreach

The DefendOps Diaries

@defendopsdiaries.bsky.social

11 months ago

Enhancing GitHub Actions Security: Strategies and Insights | The DefendOps Diaries Explore strategies to secure GitHub Actions against supply chain attacks with pinning, allow-lists, and secret rotation.

Enhancing GitHub Actions Security: Strategies and Insights

#githubactionssecurity
#cicdsecurity
#supplychainattack
#devsecops
#githubsecurity

Technijian

@technijian.bsky.social

11 months ago

GitHub Supply Chain Attack Compromises 23,000 Repositories A massive GitHub supply chain attack exposed CI/CD secrets in 23,000 repositories. Learn how the attack happened, its impact, and how to ...

🚨 GitHub Supply Chain Attack Exposes 23,000 Repositories! 🚨

📖 Read more: technijian.com/cyber-securi...

#GitHub #CyberSecurity #SupplyChainAttack #CI_CD #GitHubSecurity #OpenSource #DataBreach #CyberThreats #DevSecOps #ThreatIntelligence #Technijian

Winbuzzer

@winbuzzer.com

1 year ago

Malware Campaign Exploits GitHub, Infecting Nearly One Million Devices - WinBuzzer A global malware campaign has misused GitHub repositories to infect nearly one million devices, exploiting trust signals and redirecting users from illegal streaming sites.

Malware Campaign Exploits GitHub, Infecting Nearly One Million Devices

#Cybersecurity #GitHub #GitHubSecurity #Malware #CyberCrime #MicrosoftSecurity #OpenSourceSecurity #CyberAttacks #GitHubMalware

John P. Mello Jr.

@jpmjr.bsky.social

1 year ago

RoguePuppet software supply chain exposure: Lessons learned A flaw in Puppet Forge on GitHub could have led to a supply chain disaster matching the scope of the attack on SolarWinds. Here are the ke...

A flaw in Puppet Forge on GitHub could have led to a supply chain disaster matching the scope of the attack on SolarWinds. Here are the key takeaways. #SoftwareSupplyChain #RoguePuppet #PuppetForge #OpenSourceSecurity #GitHubSecurity #AdnanKhan
tinyurl.com/wzads2zk

/am

@alokemajumder.bsky.social

2 years ago

Hijackable Go Module Repositories - Blog - VulnCheck VulnCheck scans the Go module ecosystem for module repositories affected by repojacking, and discover hundreds of thousands of affected module-versions.

VulnCheck reports over 9,000 GitHub repositories at risk of repojacking from username changes, plus 6,000+ due to account deletions.In total, 15,000 repositories, supporting 800,000+ Go module-versions, are exposed to this vulnerability. vulncheck.com/blog/go-repo... #GitHubSecurity #RepojackingRisk