Tag

#GitHub

24 stories taggedGitHub · page 2 of 2.

Vulnerabilities

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos

An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.

3 min
Identity & Access

One Click in VS Code Was Enough to Hand Over Your GitHub Token

Researcher Ammar Askar found a clickjack-style flaw in github.dev that leaked full-fat OAuth tokens — read/write, private repos included.

3 min
AI Security

The npm Package That Reached Into Claude's Sandbox

A bait package called mouse5212-super-formatter quietly siphoned files from the directory Anthropic's Claude uses to handle user uploads, exfiltrating them to a GitHub repo controlled by the author.

2 min
Threat Intelligence

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours

Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

2 min
Threat Intelligence

Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases

The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.

2 min
Cloud Security

CISA Contractor Spent Six Months Treating GitHub as a Personal Dropbox

A Nightwing employee's public 'Private-CISA' repo leaked AWS GovCloud admin keys, plaintext passwords and the agency's internal build pipeline — with secret-scanning deliberately switched off.

2 min
Cloud Security

CISA Contractor's Public GitHub Repo Spilled GovCloud Keys for Months; Lawmakers Want Answers

An RSA private key tied to the CISA-IT GitHub organization sat in a public 'Private-CISA' repo since November 2025. The agency is still rotating credentials.

3 min
Policy & Regulation

npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval

GitHub's package registry now requires a human maintainer to clear a two-factor challenge before a release leaves a staging area, a control aimed at the supply chain attacks that have repeatedly compromised the JavaScript ecosystem.

2 min
Threat Intelligence

Laravel Lang Composer packages backdoored via GitHub tag rewrite, dropping infostealer on developer machines

Attackers reused legitimate version tags on the laravel-lang GitHub repository to push malicious Composer payloads to downstream installs, harvesting credentials from build environments.

2 min
© 2026 Threat Vectr