All CosmicBytez Labs articles tagged #GitHub, across news, security advisories, how-to guides, and projects.
Microsoft publicly condemned unauthorized zero-day disclosures as 'never justifiable' after a security researcher published working proof-of-concept...
Microsoft condemns uncoordinated public zero-day disclosure, urging the security community to adopt CVD after removing a researcher's GitHub account.
Cybersecurity researchers have uncovered Megalodon, an automated attack campaign that pushed 5,718 malicious commits to over 5,500 GitHub repositories in...
Grafana confirmed attackers stole internal source code and data after a GitHub token compromised in the TanStack npm supply chain attack was never...
A supply chain attack targeting Laravel Lang localization packages has exposed developers to credential-stealing malware after attackers abused GitHub...
GitHub has rolled out new security controls for npm including staged publishing with 2FA approval requirements and package install policies, giving...
GitHub has confirmed that hackers who stole 3,800 internal repositories gained access through a malicious version of the Nx Console VS Code extension...
GitHub is investigating unauthorized access to thousands of internal repositories after an employee device was compromised through the TanStack npm supply...
GitHub has officially confirmed it was breached by the TeamPCP threat actor after the group advertised stolen internal source code on a cybercrime forum....
GitHub has confirmed a data breach in which the TeamPCP threat actor stole approximately 4,000 internal repositories. The company states no customer data...
GitHub is investigating unauthorized access to its internal repositories after the TeamPCP threat actor listed approximately 4,000 GitHub internal repos...
Grafana Labs has revealed that its May 2026 source code breach was caused by a single GitHub workflow token that was inadvertently missed during the token...
Grafana Labs confirms its GitHub environment was breached through the TanStack npm supply chain attack, exposing public and private source code...
Grafana has confirmed a security breach after the Coinbase Cartel cybercrime group — linked to ShinyHunters, Scattered Spider, and Lapsus$ — claimed to...
Grafana Labs confirmed that hackers downloaded its source code after breaching its GitHub environment using a stolen access token. The attackers attempted...
Grafana has disclosed that an unauthorized party obtained a GitHub access token, used it to download the company's entire codebase, and then attempted...
A critical remote code execution vulnerability, CVE-2026-3854, was found to impact GitHub.com and GitHub Enterprise Server, potentially exposing millions...
GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...
Cybersecurity researchers have disclosed a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server that allows an...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
Checkmarx has confirmed that data from its GitHub repositories has been published on the dark web following an investigation into the March 23 supply...
Zscaler ThreatLabz has uncovered a Tropic Trooper (APT23) campaign that delivers the AdaptixC2 post-exploitation beacon via trojanized SumatraPDF...
Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...
GitGuardian's State of Secrets Sprawl 2026 report found 29 million new hardcoded secrets in public GitHub repositories in 2025 alone — a 34%...
The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...
Threat actor UNC6426 leveraged stolen credentials from last year's nx npm supply chain attack to achieve full AWS administrator access at a victim...
A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...