CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
TechCrunch

Four years after being acquired by Microsoft, GitHub keeps doing its thing

It’s been four years to the day since Microsoft closed its acquisition of GitHub, which at the time was mostly a code repository. Today’s GitHub looks quite a bit different, now that it added CI/CD ...