News
GitHub marks its one-billionth repository with a project aptly named 'shit', sparking widespread amusement and official ...
The majority of Direct File's source code is now public, in part thanks to free software advocates.
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and ...
Security researcher Sharon Brizinov earned $64,000 in bug bounties after finding hundreds of secrets leaking in dozens of public GitHub repositories. What makes Brizinov’s findings special is that the ...
Spotbug is a tool for static analysis that identifies bugs in Java code, maintained by RD_MNTNR, who was also an active maintainer in reviewdog, an automated code review and testing GitHub project ...
Threat actors used a personal access token (PAT) compromised in December 2024 to mount the March 2025 supply chain attack targeting GitHub Actions, Palo Alto Networks reports. On March 14, the code of ...
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects ...
Rather than locking a specific version of the query pack in the CodeQL configuration file, GitHub’s security team opted to manage versioning through GCR. This approach allows repositories to ...
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj ...
A hotel management system, made using object-oriented programming, multi-threading and file-handling in Java, that keeps records of guests & their bookings, rooms, admins, staff, etc. Discover the ...