03 Feb 2023

Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas

Cryptocurrency custody provider Copper was alerted to a security issue over the Christmas period in December involving the company’s GitHub repository, which contains a blueprint for how the firm secures customers’ assets. Copper is one of the leading crypto custody providers, securing billions of dollars in digital assets using clever

01 Feb 2023

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

On Monday, GitHub confirmed that threat actors stole digital certificates used for applications such as Desktop and Atom in a cyberattack that occurred in December 2022. GitHub stated that it investigated the incident and determined that there was no risk to GitHub’s services and that it detected no unauthorized changes

08 Nov 2022

Report: GALA token exploit resulted from public leak of private key on GitHub

According to a new post by blockchain security firm SlowMist on Nov. 7, it appears that last week’s token exploit affecting GameFi project Gala Games resulted from a public leak of applicable security keys on GitHub. As told by SlowMist, pNetwork, the cross-chain interoperability bridge used by Gala Games

28 Oct 2022

GitHub Bug Exposed Repositories to Hijacking

Security researchers have identified a flaw in GitHub that reportedly enables attackers to take control of repositories, thus allowing them to spread malware and infect code. GitHub has fixed the bug since it was discovered and stated that it lay in the popular repository namespace retirement feature. The same tool

12 Oct 2022

Toyota Reveals Data Leak of 300,000 Customers

Japanese car company Toyota has confirmed that roughly 300,000 customers may have been impacted by a data leak that exposed personal data. According to the car manufacturer, an access key was left publicly available on GitHub for almost five years. The personal information exposed in the leak is customers’ email

23 Sep 2022

Ethereum Coin Mixer Tornado Cash Is Back on GitHub

Ethereum coin mixer Tornado Cash is now back on software hosting website GitHub. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) last month blacklisted Tornado Cash, which allows users to anonymously send and receive Ethereum. American citizens are now banned from interacting with the app, which pools

15 Jul 2022

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. “Attackers can abuse the runners or servers provided by GitHub to run an organization’s pipelines and automation by maliciously downloading

28 Apr 2022

Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub has confirmed that hackers used stolen OAuth tokens in a cyber incident last week. GitHub also shared a timeline of breaches for April 2022, encompassing the information related to when threat actors gained access and stole private repositories belonging to dozens of organizations. GitHub stated that it does not

21 Feb 2022

How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning

Applying machine learning techniques to its rule-based security code scanning capabilities, GitHub hopes to be able to extend them to less common vulnerability patterns by automatically inferring new rules from the existing ones. GitHub Code Scanning uses carefully defined CodeQL analysis rules to identify potential security vulnerabilities lurking in source

09 Nov 2020

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

Researchers have discovered a new malware utilizing Pastebin and GitHub to house its component code. The worm targets Linux-based x86 servers and Linux IoT devices. According to Juniper Threat Labs, who released a post on Thursday detailing the new development, the malware boasts at least 12 different attack modules. Juniper
