Threat Post

GitHub Code Execution Bug Fetches $18,000 Bounty

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. GitHub recently awarded $18,000 to a researcher after he came ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
ZDNet

GitHub awards researcher $18,000 for remote code execution flaw discovery

GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have lead to remote code execution. According to independent German researcher Markus Fenske, ...
Infosecurity Magazine

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a ...

GitHub previews Agentic Workflows as part of continuous AI concept

Won't replace traditional CI/CD – and still in early development – so use 'at your own risk' Agentic workflows - where an AI ...
Bleeping Computer

GitHub code scanning now finds more security vulnerabilities

Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in ...
Engadget

GitHub can actively look for security holes in your code

GitHub, the Microsoft-owned code repository, has announced something that will hopefully make all our software much more secure. The platform has, after several months of testing, now launched code ...