CSOonline

Millions of GitHub repositories vulnerable to RepoJacking: Report

AquaSec analyzed a sample of 1% of GitHub repositories and found that about 37,000 of them are vulnerable to RepoJacking, including the repositories of companies such as Google and Lyft. Millions of ...
Bleeping Computer

GitHub rolls out free secret scanning for all public repositories

GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform. Secret scanning is a security ...
TechCrunch

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands ...
TechRadar

Thousands of GitHub repositories exposed via Microsoft Copilot

Copilot has access to private GitHub repositories, researchers found The repositories were public at some point, and Bing cached them The caching behavior is "acceptable" says Microsoft Thousands of ...
Dark Reading

10 Major GitHub Risk Vectors Hidden in Plain Sight

Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Attack surface: Using mutable ...
TechCrunch

GitHub Copilot can now tell developers when its suggestions match code in a public repository

GitHub Copilot has changed how developers write their code. However, it can also create issues when it creates code similar to what’s already available in another public repository. In 2022, GitHub ...