Bleeping Computer

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Dark Reading

It's Time to Take GitHub Threats Seriously

Security operations teams are plenty busy dealing with malware, phishing, and distributed denial-of-service attacks. But there's an area of IT that many SecOps teams haven't been able to sufficiently ...