Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...

Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now

Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.
Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
CoinDesk

Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky

The GitHub code you use to build a trendy application or patch existing bugs might just be used to steal your bitcoin BTC $87,322.39 or other crypto holdings, according to a Kaspersky report. GitHub ...
ExtremeTech

GitHub hacked, millions of projects at risk of being modified or deleted

GitHub, one of the largest repositories of commercial and open source software on the web, has been hacked. Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that ...
Wired

GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor

You’ve heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to ...