Malicious proof-of-concepts (PoCs) are potentially exposing GitHub users to malware and other malfeasance, researchers have found. In a paper titled ‘How security professionals are being attacked: A study...
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in...
A flaw in GitHub’s namespace retirement feature could have allowed attackers to access another user’s repository. Coined ‘repojacking’ by researchers from Checkmarx, the technique could...
MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available on GitHub...
An automated and large-scale ‘freejacking’ campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider’s expense. The operation relies on abusing the...
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them...
A researcher netted a $10,000 bug bounty reward from GitHub after discovering a way to spoof the platform’s login interface. Saajan Bhujel found a bypass that...
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec...
It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an...
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has...