GitHub now officially requires token-based authentication for its command line interface, third-party apps, and services that access Git repositories hosted on the platform. I've been writing about ...

GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. "As of ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

GhostAction attack stole 3,325 secrets from 327 GitHub accountsGitGuardian helped shut it down and alerted affected projectsA separate NPM attack hit 2,000 accounts but was unrelatedThousands of ...

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. Researchers at North Carolina State University (NCSU) found [PDF ...

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

There's no need to keep going to your browser or a desktop app, do all of your GitHub-ing from the command line. When you purchase through links on our site, we may earn an affiliate commission.