Bleeping Computer

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...
Threat Post

Breached Credentials Used to Access Github Repositories

Password reuse strikes GitHub users, some of whom will have to reset their credentials after unauthorized attempts were made to access a large number of GitHub accounts. Github is forcing a password ...

Kaspersky warns of malware-ridden GitHub projects: how hackers are stealing credentials

Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
Dark Reading

Supply Chain Worms in 2026: What Shai-Hulud Taught Attackers (And How to Prepare)

The Shai-Hulud 2.0 campaign exposed 33,185 unique secrets across 20,649 repositories scanned. Among the exposed credentials, 3,760 remained valid days after discovery. Here is why the next version ...
Hosted on MSN

Hackers target South American crypto users on GitHub with credential stealing Trojan

Hackers are now stealing crypto credentials on GitHub with a banking Trojan called Astaroth. The development was revealed after research by cybersecurity firm McAfee. The outfit claimed that the ...