All InfoSec / Cybersecurity News from The GitHub Blog: Security News and Updates | allinfosecnews.com

Latest
Top

Getting RCE in Chrome with incorrect side effect in the JIT compiler 17 hours ago | github.blog

chrome code code execution compiler +13

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects 5 days, 11 hours ago | github.blog

audits cves down fix +13

Passkeys are generally available 5 days, 16 hours ago | github.blog

2fa authentication blog github +7

Announcing general availability of GitHub Advanced Security for Azure DevOps 6 days, 17 hours ago | github.blog

advanced availability azure azure-devops +18

Introducing auto-triage rules for Dependabot 1 week, 5 days ago | github.blog

alerts auto blog custom rules +10

CodeQL team uses AI to power vulnerability detection in code 2 weeks ago | github.blog

analysis blog code codeql +15

A faster way to manage version updates with Dependabot 1 month ago | github.blog

blog dependabot github manage +7

mTLS: When certificate authentication is done wrong 1 month, 1 week ago | github.blog

attacks authentication blog certificate +18

Hardening repositories against credential theft 1 month, 1 week ago | github.blog

access access tokens accounts actions +19

Nine years of the GitHub Security Bug Bounty program 1 month, 1 week ago | github.blog

blog bounty bug bug bounty +6

Enhanced push protection features for developers and organizations 1 month, 2 weeks ago | github.blog

blog developers enable features +13

Four tips to keep your GitHub Actions workflows secure 1 month, 2 weeks ago | github.blog

actions blog command command injection +11

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform 1 month, 4 weeks ago | github.blog

blog blog post digital github security lab +10

GitHub Repository Rules are now generally available 2 months ago | github.blog

code github product repositories +5

Security alert: social engineering campaign targets technology industry employees 2 months, 1 week ago | github.blog

accounts actor alert blog +23

Introducing passwordless authentication on GitHub.com 2 months, 2 weeks ago | github.blog

2fa authentication beta github +10

GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications 2 months, 3 weeks ago | github.blog

best practices certifications certified cloud +23

Introduction to SELinux 2 months, 3 weeks ago | github.blog

access access control components control +16

New tool to secure your GitHub Actions 3 months ago | github.blog

actions control github github actions +8

CodeQL zero to hero part 2: getting started with CodeQL 3 months, 1 week ago | github.blog

analysis basics blog codeql +10

GitHub’s revamped VIP Bug Bounty Program 3 months, 2 weeks ago | github.blog

access bounty bug bug bounty +9

Swift support brings broader mobile application security to GitHub Advanced Security 3 months, 2 weeks ago | github.blog

advanced android application application development +24

Rooting with root cause: finding a variant of a Project Zero bug 4 months ago | github.blog

android app arm blog +16

Announcing the public preview of GitHub Advanced Security for Azure DevOps 4 months ago | github.blog

advanced application application security application security testing +17

How to fix a ReDoS 4 months, 2 weeks ago | github.blog

blog blog post bugs code +10

Push protection is generally available, and free for all public repositories 4 months, 2 weeks ago | github.blog

availability community free general +13

Manage your application security stack effectively with the tool status page 4 months, 3 weeks ago | github.blog

application application security arsenal bird +12

Dependabot relieves alert fatigue from npm devDependencies 4 months, 3 weeks ago | github.blog

alert alert fatigue alerts auto +11

Git security vulnerabilities announced 5 months ago | github.blog

address git github latest +5

Private vulnerability reporting now generally available 5 months, 1 week ago | github.blog

best practice fix maintainers open source +12

Introducing npm package provenance 5 months, 1 week ago | github.blog

build github actions link npm +8

Multi-repository enablement: effortlessly scale code scanning across your repositories 5 months, 1 week ago | github.blog

click code codeql code scanning +12

Generative AI-enabled compliance for software development 5 months, 2 weeks ago | github.blog

ai ai-enabled artificial intelligence compliance +11

Pwning Pixel 6 with a leftover patch 5 months, 2 weeks ago | github.blog

android app arm change +17

Level up monitoring and reporting for your enterprise 5 months, 3 weeks ago | github.blog

accountability audit compliance enterprise +8

CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research 5 months, 3 weeks ago | github.blog

analysis blog blog post codeql +16

Improvements to CodeQL’s data flow library for C++ 5 months, 3 weeks ago | github.blog

authors codeql data enable +7

Introducing self-service SBOMs 5 months, 4 weeks ago | github.blog

cloud compliance dependency graph developers +9

We updated our RSA SSH host key 6 months ago | github.blog

git github github.com host +6

Build a secure code mindset with the GitHub Secure Code Game 6 months ago | github.blog

art build code education +13

Introducing GitHub vulnerability management integrations for security professionals 6 months, 2 weeks ago | github.blog

advanced alerts check github +13

Raising the bar for software security: GitHub 2FA begins March 13 6 months, 2 weeks ago | github.blog

2fa authentication code contribute +18

Multi-repository variant analysis: a powerful new way to perform security research across GitHub 6 months, 2 weeks ago | github.blog

analysis codeql code scanning find +12

Application security orchestration with GitHub Advanced Security 6 months, 2 weeks ago | github.blog

actions advanced application application security +18

GitHub Security Lab audited DataHub: Here’s what they found 6 months, 3 weeks ago | github.blog

access authentication authorization bypass +11

Secret scanning alerts are now available (and free) for all public repositories 6 months, 4 weeks ago | github.blog

alert alerts click experience +9

3 ways to meet compliance needs without slowing down agility 7 months ago | github.blog

business code scanning collaboration compliance +12

The code that wasn’t there: Reading memory on an Android device by accident 7 months ago | github.blog

accident android android device application +20

ICYMI: CodeQL enhancements 7 months, 1 week ago | github.blog

applications codeql code scanning detect +9

Git security vulnerabilities announced 7 months, 1 week ago | github.blog

git latest open source patches +6

How to mitigate OWASP vulnerabilities while staying in the flow 7 months, 2 weeks ago | github.blog

address advanced devsecops flow +8

Action needed for GitHub Desktop and Atom users 7 months, 3 weeks ago | github.blog

action atom desktop february +6

Bypassing OGNL sandboxes for fun and charities 7 months, 4 weeks ago | github.blog

apache apache struts applications atlassian +19

Introducing the GitHub Bug Bounty swag store 8 months ago | github.blog

addition bounty bug bug bounty +7

Pwning the all Google phone with a non-Google bug 8 months ago | github.blog

android android app android security app +24

Unlocking security updates for transitive dependencies with npm 8 months, 1 week ago | github.blog

address dependabot dependencies engineering +7

Remediation made simple: Introducing new validity checks for GitHub tokens 8 months, 1 week ago | github.blog

application security community github remediation +6

Dependabot alerts are now visible to more developers 8 months, 1 week ago | github.blog

access alerts compliance default +8

Git security vulnerabilities announced 8 months, 1 week ago | github.blog

archive git gui latest +9

A smarter, quieter Dependabot 8 months, 2 weeks ago | github.blog

bot compliance dependabot noise +3

Announcing general availability of GitHub Advanced Security for Azure DevOps 6 days, 17 hours ago | github.blog

advanced availability azure azure-devops +18

Passkeys are generally available 5 days, 16 hours ago | github.blog

2fa authentication blog github +7

Getting RCE in Chrome with incorrect side effect in the JIT compiler 17 hours ago | github.blog

chrome code code execution compiler +13

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects 5 days, 11 hours ago | github.blog

audits cves down fix +13

Items published with this topic over the last 90 days.

Latest

Getting RCE in Chrome with incorrect side effect in the JIT compiler 17 hours ago | github.blog

chrome code code execution compiler +13

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects 5 days, 11 hours ago | github.blog

audits cves down fix +13

Passkeys are generally available 5 days, 16 hours ago | github.blog

2fa authentication blog github +7

Announcing general availability of GitHub Advanced Security for Azure DevOps 6 days, 17 hours ago | github.blog

advanced availability azure azure-devops +18

Introducing auto-triage rules for Dependabot 1 week, 5 days ago | github.blog

alerts auto blog custom rules +10

CodeQL team uses AI to power vulnerability detection in code 2 weeks ago | github.blog

analysis blog code codeql +15

A faster way to manage version updates with Dependabot 1 month ago | github.blog

blog dependabot github manage +7

mTLS: When certificate authentication is done wrong 1 month, 1 week ago | github.blog

attacks authentication blog certificate +18

Hardening repositories against credential theft 1 month, 1 week ago | github.blog

access access tokens accounts actions +19

Nine years of the GitHub Security Bug Bounty program 1 month, 1 week ago | github.blog

blog bounty bug bug bounty +6

Enhanced push protection features for developers and organizations 1 month, 2 weeks ago | github.blog

blog developers enable features +13

Four tips to keep your GitHub Actions workflows secure 1 month, 2 weeks ago | github.blog

actions blog command command injection +11

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform 1 month, 4 weeks ago | github.blog

blog blog post digital github security lab +10

GitHub Repository Rules are now generally available 2 months ago | github.blog

code github product repositories +5

Security alert: social engineering campaign targets technology industry employees 2 months, 1 week ago | github.blog

accounts actor alert blog +23

Introducing passwordless authentication on GitHub.com 2 months, 2 weeks ago | github.blog

2fa authentication beta github +10

GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications 2 months, 3 weeks ago | github.blog

best practices certifications certified cloud +23

Introduction to SELinux 2 months, 3 weeks ago | github.blog

access access control components control +16

New tool to secure your GitHub Actions 3 months ago | github.blog

actions control github github actions +8

CodeQL zero to hero part 2: getting started with CodeQL 3 months, 1 week ago | github.blog

analysis basics blog codeql +10

GitHub’s revamped VIP Bug Bounty Program 3 months, 2 weeks ago | github.blog

access bounty bug bug bounty +9

Swift support brings broader mobile application security to GitHub Advanced Security 3 months, 2 weeks ago | github.blog

advanced android application application development +24

Rooting with root cause: finding a variant of a Project Zero bug 4 months ago | github.blog

android app arm blog +16

Announcing the public preview of GitHub Advanced Security for Azure DevOps 4 months ago | github.blog

advanced application application security application security testing +17

How to fix a ReDoS 4 months, 2 weeks ago | github.blog

blog blog post bugs code +10

Push protection is generally available, and free for all public repositories 4 months, 2 weeks ago | github.blog

availability community free general +13

Manage your application security stack effectively with the tool status page 4 months, 3 weeks ago | github.blog

application application security arsenal bird +12

Dependabot relieves alert fatigue from npm devDependencies 4 months, 3 weeks ago | github.blog

alert alert fatigue alerts auto +11

Git security vulnerabilities announced 5 months ago | github.blog

address git github latest +5

Private vulnerability reporting now generally available 5 months, 1 week ago | github.blog

best practice fix maintainers open source +12

Introducing npm package provenance 5 months, 1 week ago | github.blog

build github actions link npm +8

Multi-repository enablement: effortlessly scale code scanning across your repositories 5 months, 1 week ago | github.blog

click code codeql code scanning +12

Generative AI-enabled compliance for software development 5 months, 2 weeks ago | github.blog

ai ai-enabled artificial intelligence compliance +11

Pwning Pixel 6 with a leftover patch 5 months, 2 weeks ago | github.blog

android app arm change +17

Level up monitoring and reporting for your enterprise 5 months, 3 weeks ago | github.blog

accountability audit compliance enterprise +8

CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research 5 months, 3 weeks ago | github.blog

analysis blog blog post codeql +16

Improvements to CodeQL’s data flow library for C++ 5 months, 3 weeks ago | github.blog

authors codeql data enable +7

Introducing self-service SBOMs 5 months, 4 weeks ago | github.blog

cloud compliance dependency graph developers +9

We updated our RSA SSH host key 6 months ago | github.blog

git github github.com host +6

Build a secure code mindset with the GitHub Secure Code Game 6 months ago | github.blog

art build code education +13

Introducing GitHub vulnerability management integrations for security professionals 6 months, 2 weeks ago | github.blog

advanced alerts check github +13

Raising the bar for software security: GitHub 2FA begins March 13 6 months, 2 weeks ago | github.blog

2fa authentication code contribute +18

Multi-repository variant analysis: a powerful new way to perform security research across GitHub 6 months, 2 weeks ago | github.blog

analysis codeql code scanning find +12

Application security orchestration with GitHub Advanced Security 6 months, 2 weeks ago | github.blog

actions advanced application application security +18

GitHub Security Lab audited DataHub: Here’s what they found 6 months, 3 weeks ago | github.blog

access authentication authorization bypass +11

Secret scanning alerts are now available (and free) for all public repositories 6 months, 4 weeks ago | github.blog

alert alerts click experience +9

3 ways to meet compliance needs without slowing down agility 7 months ago | github.blog

business code scanning collaboration compliance +12

The code that wasn’t there: Reading memory on an Android device by accident 7 months ago | github.blog

accident android android device application +20

ICYMI: CodeQL enhancements 7 months, 1 week ago | github.blog

applications codeql code scanning detect +9

Git security vulnerabilities announced 7 months, 1 week ago | github.blog

git latest open source patches +6

How to mitigate OWASP vulnerabilities while staying in the flow 7 months, 2 weeks ago | github.blog

address advanced devsecops flow +8

Action needed for GitHub Desktop and Atom users 7 months, 3 weeks ago | github.blog

action atom desktop february +6

Bypassing OGNL sandboxes for fun and charities 7 months, 4 weeks ago | github.blog

apache apache struts applications atlassian +19

Introducing the GitHub Bug Bounty swag store 8 months ago | github.blog

addition bounty bug bug bounty +7

Pwning the all Google phone with a non-Google bug 8 months ago | github.blog

android android app android security app +24

Unlocking security updates for transitive dependencies with npm 8 months, 1 week ago | github.blog

address dependabot dependencies engineering +7

Remediation made simple: Introducing new validity checks for GitHub tokens 8 months, 1 week ago | github.blog

application security community github remediation +6

Dependabot alerts are now visible to more developers 8 months, 1 week ago | github.blog

access alerts compliance default +8

Git security vulnerabilities announced 8 months, 1 week ago | github.blog

archive git gui latest +9

A smarter, quieter Dependabot 8 months, 2 weeks ago | github.blog

bot compliance dependabot noise +3

Top (last 7 days)

Announcing general availability of GitHub Advanced Security for Azure DevOps 6 days, 17 hours ago | github.blog

advanced availability azure azure-devops +18

Passkeys are generally available 5 days, 16 hours ago | github.blog

2fa authentication blog github +7

Getting RCE in Chrome with incorrect side effect in the JIT compiler 17 hours ago | github.blog

chrome code code execution compiler +13

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects 5 days, 11 hours ago | github.blog

audits cves down fix +13

Business Information Security Officer

@ Metrolink | Los Angeles, CA

View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU

View on infosec-jobs.com

Elastic Consultant - EMEA

@ Elasticsearch | Germany

View on infosec-jobs.com

Software Development Engineer, Security

@ Binance | Romania, Bucharest

View on infosec-jobs.com

Digital Network Exploitation Analyst III

@ Aperio Global, LLC | Fort Meade, Maryland, United States

View on infosec-jobs.com