InfoQ

How GitHub Built Sub-Issues into Its Issue Tracking System

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories before fixes in Sep 2025.
heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Infosecurity-magazine.com

Phishing Tool GoIssue Targets Developers on GitHub

A new phishing tool named “GoIssue” has surfaced on a cybercrime forum, posing a significant threat to GitHub users and the broader software development community. This tool enables cybercriminals to ...

Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

The vulnerability was spotted in August 2025, so users should patch now.