How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
CSOonline

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...
Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...

GitHub is finally tightening up security around npm following multiple attacks

Furthermore, GitHub announced it would deprecate legacy classic tokens, as well as time-based one-time password (TOTP) 2FA, ...

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...

OpenAI Rolls Out GPT-5-Codex, a New AI Model to Take On GitHub Copilot and Cursor

OpenAI has introduced GPT-5 Codex, a cutting-edge coding AI designed to rival GitHub Copilot and Cursor AI. With improved code generation, debugging, and context understanding, GPT-5 Codex sets a new ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...