Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Infosecurity-magazine.com

GitHub to Enforce Two-Factor Authentication

A code-hosting platform used by tens of millions of software developers worldwide is implementing mandatory two-factor authentication (2FA) for all code contributors. In an announcement shared earlier ...
The Verge

GitHub will require all code contributors to use two-factor authentication

GitHub, the code hosting platform used by tens of millions of software developers around the world, announced today that all users who upload code to the site will need to enable one or more forms of ...
Bleeping Computer

GitHub to require 2FA from active developers by the end of 2023

GitHub also disabled password auth via the REST API in November 2020 and added support for securing SSH Git operations using FIDO2 security keys in May 2021. GitHub also improved account security over ...
Wired

GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor

You’ve heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.