#GitHub
24 stories taggedGitHub · page 2 of 2.

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos
An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.

One Click in VS Code Was Enough to Hand Over Your GitHub Token
Researcher Ammar Askar found a clickjack-style flaw in github.dev that leaked full-fat OAuth tokens — read/write, private repos included.

The npm Package That Reached Into Claude's Sandbox
A bait package called mouse5212-super-formatter quietly siphoned files from the directory Anthropic's Claude uses to handle user uploads, exfiltrating them to a GitHub repo controlled by the author.

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours
Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases
The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.

CISA Contractor Spent Six Months Treating GitHub as a Personal Dropbox
A Nightwing employee's public 'Private-CISA' repo leaked AWS GovCloud admin keys, plaintext passwords and the agency's internal build pipeline — with secret-scanning deliberately switched off.

CISA Contractor's Public GitHub Repo Spilled GovCloud Keys for Months; Lawmakers Want Answers
An RSA private key tied to the CISA-IT GitHub organization sat in a public 'Private-CISA' repo since November 2025. The agency is still rotating credentials.

npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval
GitHub's package registry now requires a human maintainer to clear a two-factor challenge before a release leaves a staging area, a control aimed at the supply chain attacks that have repeatedly compromised the JavaScript ecosystem.

Laravel Lang Composer packages backdoored via GitHub tag rewrite, dropping infostealer on developer machines
Attackers reused legitimate version tags on the laravel-lang GitHub repository to push malicious Composer payloads to downstream installs, harvesting credentials from build environments.