How-To Geek on MSN

The hidden dangers of downloading GitHub projects: How to stay safe

Running an .exe from GitHub is a leap of faith. Here is how I keep things secure.
CSOonline

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
SD Times

GitHub launches new funding program to improve security of open source projects

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
TechCrunch

GitHub launches $1.25M open source fund with a focus on security

The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the ...
Bleeping Computer

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Dark Reading

GitHub Opens Security Database to Community Contributions

Software platform provider GitHub has now published its GitHub Advisory Database under an open-source license, giving contributors the ability to add technical information to the collected security ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
TechRepublic

GitHub Universe: Open Source Trends Report and New AI Security Products

GitHub Universe: Open Source Trends Report and New AI Security Products Your email has been sent GitHub Advanced Security gains AI features, and GitHub Copilot now includes a chatbot option. GitHub ...
Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...
Bleeping Computer

Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' recently had its GitHub repository archived, or made "read-only" by its developer. Fedor Indutny, due to a CVE report filed against his project, started getting ...