GitHub code-signing certificates stolen (but will be revoked this week)

By Paul Ducklin — January 31^st 2023 at 11:35

There was a breach, so the bad news isn't great, but the good news isn't too bad...

TikTok “Invisible Challenge” porn malware puts us all at risk

By Paul Ducklin — November 29^th 2022 at 19:58

An injury to one is an injury to all. Especially if the other people are part of your social network.

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

By Paul Ducklin — August 11^th 2022 at 14:34

Latest episode - listen now! (Or read the transcript if you prefer.)

GitHub blighted by “researcher” who created thousands of malicious projects

By Paul Ducklin — August 3^rd 2022 at 23:06

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

By Paul Ducklin — May 5^th 2022 at 14:16

Latest episode - listen now!

GitHub issues final report on supply-chain source code intrusions

By Paul Ducklin — April 29^th 2022 at 16:15

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Adafruit suffers GitHub data breach – don’t let this happen to you

By Paul Ducklin — March 7^th 2022 at 12:47

Training data stashed in GitHub by mistake... unfortunately, it was *real* data