Bleeping Computer

GitHub restores popular Python repo hit by bogus DMCA takedown

Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. First released fifteen years ago, SymPy is an open ...
Cybernews

Unprecedented GitHub hacking spree: “security research” AI bot compromises major repos ...

Five major GitHub repositories targeted by the autonomous AI bot “hackerbot-claw” were compromised through various injection ...
Neowin

Google launches Gemini CLI GitHub Actions for automating PR reviews, issue triage, and more

Google has released Gemini CLI GitHub Actions, built on Gemini CLI, to help automate tasks like issue triage and pull request reviews in your repo. Google has announced Gemini CLI GitHub Actions, ...
Dark Reading

Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines

An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.
CSOonline

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...