Dark Reading

Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers

A massive phishing campaign targeting GitHub users convinced at least one developer at Dropbox to enter in their credentials and a two-factor authentication code, leading to the theft of at least 130 ...
ZDNet

A hacker is wiping Git repositories and asking for a ransom

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening. What it is known is that the hacker ...
IPWatchdog

Your Developers Could Be Publicly Disclosing Source Code By Using Third-Party Code Repositories

“It is important to keep in mind that courts have found that the mere intent to keep the document confidential is insufficient.” Recently, I met with a potential client to discuss key points that ...
InfoQ

Google Releases New Code Search in Beta in Revamped Cloud Source Repositories

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
CPO Magazine

Hackers Are Auctioning 860GB of Source Code Stolen From Target’s Development Server

Hackers have listed 860GB of private source code and assets stolen from Target’s Gitea self-hosted software development ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
CSOonline

4 tools to prevent leaks in public code repositories

Use these tools to find your company's exposed secrets in repositories such as GitLab, GitHub, or Google Cloud Build before attackers do. Secrets stored in Git repositories have been a thorn in the ...
ZDNet

Code execution bug in malicious repositories resolved by Git Project

The Git Project has disclosed the existence of a severe vulnerability which can lead to the execution of arbitrary code. The vulnerability, CVE-2018-17456, was disclosed on Friday. The ...
Business Wire

Code42 Incydr Detects Source Code Exfiltration from Git to Unsanctioned Repositories

MINNEAPOLIS--(BUSINESS WIRE)--Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced it has enhanced source code exfiltration detection within its Code42 ® Incydr™ product to ...
Bleeping Computer

Slack's private GitHub code repositories stolen over holidays

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at ...
Dark Reading

Malware in PyPI Code Shows Supply Chain Risks

The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow ...

The Double-Edged Sword of Non-Human Identities

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows ...