News
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations.
The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.
Salesforce said that, once notified by GitHub last Wednesday, it disabled the compromised OAuth tokens and the account that they came from.
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.
A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in GitHub.
An attacker who used stolen OAuth open standard authentication tokens from Heroku and Travis-CI was able to download private repositories and source code ahead of the Easter holidays.
Salesloft and Mandiant continue to investigate the hack that compromised some of the globe’s biggest cyber security firms, as ...
ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...