Bleeping Computer

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
Dark Reading

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
Dark Reading

Hackers Post Dozens of Malicious Copycat Repos to GitHub

Cybercriminals continue to sneak malicious repositories onto GitHub. Typosquatting, dependency confusion, and other types of cyberattacks precipitated through malicious packages are old and common ...
InfoWorld

What is GitHub? More than Git version control in the cloud

GitHub is the host with the most for open-source projects and programmers who want to share and collaborate on code. Here’s why. GitHub is at heart a Git repository hosting service, i.e. a cloud-based ...
TheServerSide

Want a private GitHub repository? It comes with a catch

Until now, the most compelling reason to opt into the GitHub Pro paid product was because it enabled you to create a private repository. Developers could use GitHub's free offering -- with a ...
Ars Technica

Programmatically identify which of the two remote git repos is more up-to-date?

I've been building from the github repo of one of an OSS project's contributors (let's call it Repo 1). The official maintainer seems to actively contribute to that repo. So I thought that's the ...