Bleeping Computer

GitHub now supports security keys when using Git over SSH

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. Researchers at North Carolina State University (NCSU) found [PDF ...
Bleeping Computer

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...
ZDNet

GitHub shifts away from passwords with security key support for SSH Git operations

When you add a security key to SSH operations, you can use these devices to protect you and your account from accidental exposure, account hijacking, or malware, GitHub security engineer Kevin Jones ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...