IT之家 8 月 16 日消息，派拓网络（Palo Alto Networks）旗下安全部门 Unit 42 于 8 月 13 日发布报告，表示托管在 GitHub 上的很多热门开源项目存在身份认证授权令牌（Auth tokens）泄露问题，让整个项目面临数据被盗和篡改植入恶意代码等风险。 Unit 42 部门发现包括谷歌 ...

Community driven content discussing all aspects of software development from DevOps to design patterns. I can’t help but think GitHub went a little too far with its removal of password based ...

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...

GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise. Everyone needs a password manager. If you're willing to pay a ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ...

GreyNoise saw a significant increase in scanning activity IPs from Singapore are looking for exposed Git config files, also in Singapore The files could contain sensitive information such as login ...

Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month. The company says that hackers broke into its platform and stole GitHub and GitLab OAuth ...