GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't ...