Threat Post

GitHub Code Execution Bug Fetches $18,000 Bounty

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. GitHub recently awarded $18,000 to a researcher after he came ...
ZDNet

GitHub awards researcher $18,000 for remote code execution flaw discovery

GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have lead to remote code execution. According to independent German researcher Markus Fenske, ...
Cybernews

Unprecedented GitHub hacking spree: “security research” AI bot compromises major repos ...

Five major GitHub repositories targeted by the autonomous AI bot “hackerbot-claw” were compromised through various injection ...
Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF ...

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...
Engadget

GitHub can actively look for security holes in your code

GitHub, the Microsoft-owned code repository, has announced something that will hopefully make all our software much more secure. The platform has, after several months of testing, now launched code ...

Pervaziv AI Releases AI Code Review 2.0 GitHub Action for Repository-Wide Security Scanning ...

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...