GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

29 February 2024 | Developer

GitHub incentivises open-source investments with sponsor-only repos

GitHub is launching private repositories that only sponsors have access to, helping to incentivise open-source investments.

Open-source mostly relies on developers voluntarily giving up their time to build and improve projects. Priority is naturally given to work that helps to keep a roof over their heads and food on the table—meaning that open-source projects can be underdeveloped at best or be left with devastating vulnerabilities at worst.

A growing number of...

3 February 2022 | Git