-
Microsoft sued for open-source piracy through GitHub Copilot
Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of code authors.
- November 05, 2022
- 10:07 AM
5
-
Dropbox discloses breach after hacker stole 130 GitHub repositories
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.
- November 01, 2022
- 05:15 PM
0
-
Massive cryptomining campaign abuses free-tier cloud dev resources
An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.
- October 25, 2022
- 11:39 AM
- 0
-
Thousands of GitHub repositories deliver fake PoC exploits with malware
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
- October 23, 2022
- 11:15 AM
- 1
-
LofyGang hackers built a credential-stealing enterprise on Discord, NPM
A threat group using the name 'LofyGang', operating since 2020, is considered responsible for creating and distributing over 200 malicious packages on multiple code hosting platforms, including GitHub and NPM.
- October 07, 2022
- 09:00 AM
- 1
-
npm packages used by crypto exchanges compromised
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects, appear to have been compromised. Powered by the Ethereum blockchain, dydX is a decentralized exchange platform offering perpetual trading options for over 35 popular cryptocurrencies including Bitcoin (BTC) and Ether (ETH).
- September 23, 2022
- 12:31 PM
- 0
-
Hackers stealing GitHub accounts using fake CircleCI notifications
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
- September 22, 2022
- 09:40 AM
- 0
-
GitHub's new privacy policy sparks backlash over tracking cookies
Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains. The Microsoft subsidiary announced this month, it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a 30-day "comment period."
- August 11, 2022
- 03:45 AM
- 3
-
35,000 code repos not hacked—but clones flood GitHub to serve malware
Thousands of GitHub repositories were cloned and altered to include malware, a software engineer discovered.
- August 03, 2022
- 05:11 AM
- 1
-
GitHub introduces 2FA and quality of life improvements for npm
GitHub has announced the general availability of three significant improvements to npm (Node Package Manager), aiming to make using the software more secure and manageable.
- July 27, 2022
- 10:29 AM
- 0
-
GitHub: Attackers stole login details of 100K npm user accounts
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI.
- May 27, 2022
- 02:40 PM
- 0
-
GitHub announces enhanced 2FA experience for npm accounts
Today, GitHub has launched a new public beta to notably improve the two-factor authentication (2FA) experience for all npm user accounts.
- May 10, 2022
- 03:48 PM
- 0
-
npm package with 1.4M weekly downloads ditches npmjs.com for own CDN
In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times every week on npm, SheetJS is relied upon by NodeJS developers looking to craft and parse Excel spreadsheets using nothing but JavaScript.
- May 06, 2022
- 05:06 AM
- 2
-
Heroku admits that customer credentials were stolen in cyberattack
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database."
- May 05, 2022
- 04:06 AM
- 0
-
Heroku forces user password resets but fails to explain why
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts.
- May 04, 2022
- 01:57 PM
- 0
-
GitHub to require 2FA from active developers by the end of 2023
GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA) on their accounts by the end of 2023.
- May 04, 2022
- 11:00 AM
- 3
-
GitHub: How stolen OAuth tokens helped breach dozens of orgs
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations.
- April 27, 2022
- 05:04 PM
- 0
-
GitHub notifies owners of private repos stolen using OAuth tokens
GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI.
- April 19, 2022
- 12:55 PM
- 0
-
GitHub suspends accounts of Russian devs at sanctioned companies
Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions.
- April 16, 2022
- 10:04 AM
- 8
-
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.
- April 15, 2022
- 07:09 PM
- 0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 9.0.3.0106,396 Downloads
-
Version: 18.0.7.562,878 Downloads
-
Version: 8.4.0.056M+ Downloads
-
Version: 5.1.25M+ Downloads
-
Version: 4.14.12M+ Downloads
