Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. These ...
GitHub today announced the launch of a limited beta of the GitHub Package Registry, its new package management service that lets developers publish public and private packages next to their source ...
Facepalm: GitHub serves as a colossal hub for software development, hosting nearly half a billion code projects created by hundreds of millions of developers worldwide. Given its extensive reach and ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Update 8/5/25: Added Toptal's statement at the end of the article, which says their investigation determined no one was impacted by this breach. Hackers compromised Toptal's GitHub organization account ...
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...
The code-sharing website GitHub, sometimes called the "Facebook for programmers," announced a major tool that will make it easy for developers to find tools that improve the process of writing ...
GitHub is expanding the scope of its code repository to include support for publishing software packages, the company announced Friday afternoon. After teasing an announcement all week on Twitter, ...