Category: GitHub
-
Smashing Security podcast #469: What your Oura ring won’t tell you
Smashing Security podcast #469: What your Oura ring won’t tell you CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and…
-
GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks
GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how npm packages are…
-
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.…
-
CISA Admin Leaked AWS GovCloud Keys on Github
CISA Admin Leaked AWS GovCloud Keys on Github Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how…
-
Claude Opus 4.5 Now Integrated with GitHub Copilot
Claude Opus 4.5 Now Integrated with GitHub Copilot GitHub has announced the general availability of Claude Opus 4.5, Anthropic’s advanced AI model, across its Copilot platform. This integration enhances AI capabilities for developers using GitHub’s code assistance tools. The Claude Opus 4.5 model is now accessible to users with Copilot Enterprise, Copilot Business, Copilot Pro,…
-
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know Many of the world’s top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers…
-
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai…
-
Self-Replicating Worm Hits 180+ Software Packages
Self-Replicating Worm Hits 180+ Software Packages At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more…
-
DOGE Denizen Marko Elez Leaked API Key for xAI
DOGE Denizen Marko Elez Leaked API Key for xAI Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep…
-
Big Tech’s Mixed Response to U.S. Treasury Sanctions
Big Tech’s Mixed Response to U.S. Treasury Sanctions In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech…
-
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from…
-
DOGE Worker’s Code Supports NLRB Whistleblower
DOGE Worker’s Code Supports NLRB Whistleblower A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories…
-
Whistleblower: DOGE Siphoned NLRB Case Data
Whistleblower: DOGE Siphoned NLRB Case Data A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the…
-
GitHub Details How Security Professionals Can Use Copilot to Analyze Logs
GitHub Details How Security Professionals Can Use Copilot to Analyze Logs GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data. The tool now demonstrates unprecedented capabilities in parsing security event information, identifying anomalies, and accelerating incident response workflows through intelligent code suggestions…