CSOonline

GitHub secrets: Deleted files still pose risks

Deleted files within public GitHub repositories could still be exposing secrets like API keys, tokens, and credentials, if threat actors knew where and how to look. Cybersecurity researcher Sharon ...
Bleeping Computer

Hackers steal 15,000 cloud credentials from exposed Git config files

A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. According to ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...

Microsoft is still leaving Mac users exposed to GitHub Mac malware flood

For the last few years, Mac users are facing a wave of fake apps on Microsoft-owned GitHub that disguise themselves as ...
Bleeping Computer

35,000 code repos not hacked—but clones flood GitHub to serve malware

Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice ...