The Register on MSN

GitHub moves to tighten npm security amid phishing, malware plague

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Bleeping Computer

Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is ...
TechCrunch

GitHub Copilot crosses 20M all-time users

GitHub Copilot, an AI coding tool offered by Microsoft-owned GitHub, has now reached more than 20 million users, Microsoft CEO Satya Nadella said on the company’s earnings call Wednesday. A GitHub ...
TheServerSide

A GitHub Pages tutorial on how to host personal websites

GitHub users are often surprised that their project wiki won't be indexed by Google. But the Git-based cloud service does offer an alternative. If someone needs a website hosting service, they can ...
Bleeping Computer

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has ...
TechCrunch

GitHub Copilot introduces new limits, charges for ‘premium’ AI models

GitHub Copilot, Microsoft-owned GitHub’s AI coding assistant, could soon become costlier for some users. On Friday, GitHub announced “premium requests” for GitHub Copilot, a new system that imposes ...