Wired

GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor

You’ve heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to ...
Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
The Hacker News

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Tropic Trooper used trojanized SumatraPDF and GitHub C2 in 2024 to deploy AdaptixC2, enabling covert VS Code tunnel access.
Bloomberg L.P.

Purported Leaks Show Global Reach of China-Sponsored Hacking

A huge trove of documents on GitHub appeared to outline in extraordinary detail the scope of China’s state-sponsored cyberattacks on foreign governments, transfixing the global security community.