How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
Resources for securing your supply chain, building more secure applications, and staying up-to-date with the latest vulnerability research. Get comprehensive insights into the latest security trends—and news from the GitHub Security Lab. You can also check out our documentation on code security on GitHub to find out how to keep your code and applications safe.
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.
Consider deploying the GitHub Action: Evergreen so that you know each of your repositories are leveraging active dependency management with Dependabot.
The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition!
Learn about how we run a scalable vulnerability management program built on top of GitHub.
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.
Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.
The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here’s what we found and what you can do to better protect your own smart home.
Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.
How to get the security basics right at your organization.
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
Build what’s next on GitHub, the place for anyone from anywhere to build anything.