Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...
After the CISA GitHub leak, the agency published a candid incident postmortem. Here are six lessons security teams should copy, from secrets scanning to key rotation.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results