Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
Dark Reading

Millions of Malicious Repositories Flood GitHub

Cyberattackers in just the last few months have registered more than 100,000 — but by some estimates more than a million — malicious copycat repositories on GitHub. The "repo confusion" scheme is ...
Dark Reading

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
Bleeping Computer

35,000 code repos not hacked—but clones flood GitHub to serve malware

Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice ...
Bleeping Computer

GitHub’s secret scanning alerts now available for all public repos

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.
TheServerSide

Want a private GitHub repository? It comes with a catch

Until now, the most compelling reason to opt into the GitHub Pro paid product was because it enabled you to create a private repository. Developers could use GitHub's free offering -- with a ...
ZDNet

GitHub: Our dependency scan has found four million security flaws in public repos

GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total ...