Tag

#GitHub

28 stories taggedGitHub.

Photoreal news-editorial image, full frame 16:9, of an abandoned open source developer workstation at night: dark room, glowing monitor showing a terminal with
Identity & Access

OpenMandriva Linux Says Angry Contributor Wiped Years of Work

A developer with admin keys deleted repositories and pushed a package that could have broken user systems, after a dispute over the project's direction.

3 min
Full-frame edge-to-edge overhead photoreal shot of a developer's dark wooden desk at night, a laptop screen glowing with abstract green code, a small physical h
Threat Intelligence

Poisoned Injective SDK on npm quietly stole crypto wallet keys for hours

A hijacked contributor account on GitHub pushed a booby-trapped version of a popular blockchain toolkit, siphoning seed phrases from any developer who ran the wrong function.

3 min
Full-frame edge-to-edge photoreal news-editorial shot of a dim server room aisle at night, rows of dark server racks with faint green and amber status lights re
Threat Intelligence

Old, Silent GitHub Accounts Are Being Used to Quietly Map Companies

Datadog Security Labs says several overlapping scraping campaigns are cataloguing corporate GitHub organisations using dormant 'ghost' accounts and stolen tokens.

3 min
Full-frame photoreal editorial image of a darkened developer workstation with a large monitor showing abstract cascading package dependency graphs in green and
Policy & Regulation

npm 12 Turns Off Auto-Run Install Scripts to Blunt Supply Chain Attacks

GitHub's package manager for JavaScript now ships with a safer default, and it retires a token type that let developers skip two-factor login.

3 min
Photoreal news-editorial style, 16:9 framing, edge-to-edge composition
Threat Intelligence

Criminals Are Using GitHub's Own Public Tools to Map Your Company Before They Strike

Researchers at Datadog tracked months of quiet, automated snooping across GitHub that blends perfectly into normal traffic, and most organisations never notice it happening.

3 min
A close-up, sharply focused photograph of a glowing laptop screen in a darkened office, showing lines of green and white code reflecting faintly on a glass desk
AI Security

A Hidden Note in a Bug Report Tricked GitHub's AI Into Leaking Company Secrets

Researchers showed how a single crafted message in a public GitHub issue could fool an AI assistant into reading private code and posting it online for anyone to see.

3 min
Full-frame photoreal editorial image of a developer workstation at night, two nearly identical strings of hexadecimal characters glowing softly on a dark monito
Cloud Security

GitHub's Green 'Verified' Badge Can Lie: Signed Commits Cloned Without the Key

Researchers show anyone can produce a second signed commit that matches the author, date and files of a real one, keeping GitHub's Verified stamp while changing the unique fingerprint developers rely on.

4 min
Photoreal news-editorial 16:9 image
AI Security

Researchers Show How a Fake GitHub Comment Can Trick AI Tools Into Leaking Secret Code

A crafted public comment on GitHub can manipulate AI-powered automation into handing over data from private repositories, no password required.

3 min
Photoreal news-editorial style, 16:9 framing, full-frame edge-to-edge composition
AI Security

A Hidden Command in a GitHub Issue Can Silently Steal a Company's Private Code

Researchers found a flaw in GitHub's AI automation tool that lets an outsider read an organisation's private repositories by hiding plain-English instructions inside a public bug report.

3 min
Threat Intelligence

ChocoPoC: The Fake Exploit Repos Turning Bug Hunters Into Victims

A Python-based infostealer is hiding inside GitHub proof-of-concept code marketed to vulnerability researchers, siphoning credentials, cookies, and files before dropping a remote shell.

2 min
Threat Intelligence

ChocoPoC RAT Hides in Fake GitHub Exploits, Targets Security Researchers

A cluster of trojanized proof-of-concept repositories is pushing a Python-based RAT to the very people who go looking for them.

2 min
Vulnerabilities

GitHub Hardens actions/checkout Against Pwn Request Exploits

Blocking malicious code execution from pull_request_target workflows.

2 min
Vulnerabilities

GitHub Tightens Security to Counter Pwn Request Attacks

GitHub introduces actions/checkout v7 to block insecure pull request workflows.

2 min
Vulnerabilities

npm 12 Pulls the Plug on Install Scripts by Default

GitHub is finally turning off the lifecycle hook that's been quietly powering half a decade of supply chain attacks.

3 min
Policy & Regulation

GitHub's npm Overhaul: No More Automatic Install Scripts

GitHub reshapes npm with default script blocking, aiming to tighten software supply chain security.

2 min
© 2026 Threat Vectr