Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...

eScan Enterprise DLP Closes Critical GitHub Access Control Gap for Organizations

GitHub Team accounts leave enterprises exposed. eScan enforces corporate-only authentication across all GitHub tiers — ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Dark Reading

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

Salesforce subsidiary Heroku on Thursday said that the threat actor that stole Heroku GitHub integration OAuth tokens in April also accessed an internal database containing hashed and salted passwords ...
ZDNet

GitHub pushes users to enable 2FA following end of password authentication for Git operations

GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise. Everyone needs a password manager. If you're willing to pay a ...
ZDNet

GitHub enables two-factor authentication mechanism through iOS, Android app

GitHub announced that two-factor authentication will be available to all users through GitHub Mobile this week. In a blog post, GitHub's Berk Veral said GitHub Mobile 2FA will be available to all ...