GitHub

259 readers
1 users here now

A community for discussion and posts relating to github https://github.com/

founded 2 years ago
MODERATORS
pylapp@programming.dev
listing: all - local
1
3
Community Tools Bring Lockfile Support to GitHub Actions (nesbitt.io)
submitted 5 days ago by codeinabox@programming.dev to c/github@programming.dev
0 comments fedilink
2
2
CodeQL 2.23.7 and 2.23.8 add security queries for Go and Rust (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
3
3
Teams management now moved to Settings (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
4
3
GitHub bends to criticism and delays paid self-hosting of runners (www.techzine.eu)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
5
1
Dependabot version updates now support Julia (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
6
1
Dependabot version updates now support Bazel (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
7
2
Dependabot version updates now support OpenTofu (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
8
3
Dependabot security updates now support uv (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
1 comments fedilink
9
1
Review commit-by-commit, improved filtering, and more in the pull request "Files changed" public preview (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
10
2
Better diagnostics for VNET injected runners and required self-hosted runner upgrades (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
11
1
Post as Admin now available in GitHub Discussions (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
12
2
Repository custom properties: GraphQL API and URL type (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
13
3
npm classic tokens revoked, session-based auth and CLI token management now available (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
14
1
Notifications triggered by spam accounts are now correctly hidden (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
 
 
15
1
CodeQL 2.23.6 adds Swift 6.2.1 and new C# security queries (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
16
0
Assign issues to Copilot using the API (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
17
3
Secret scanning updates — November 2025 (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
18
1
Block repository administrators from installing GitHub Apps on their own now generally available (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
19
-1
Secret scanning alert assignees, security campaigns are generally available (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
20
3
Code scanning default setup bypasses GitHub Actions policy blocks (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
21
8
Secrets in unlisted GitHub gists are reported to secret scanning partners (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
1 comments fedilink
22
9
Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer (about.gitlab.com)
submitted 1 month ago by pylapp@programming.dev to c/github@programming.dev
0 comments fedilink
 
 

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with list of compromised package available

23
2
Automated NPM secret rotation in GitHub Actions (michaelheap.com)
submitted 1 month ago by codeinabox@programming.dev to c/github@programming.dev
0 comments fedilink
24
2
CodeQL 2.23.5 adds support for Swift 6.2, new Java queries, and improved analysis accuracy (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
25
3
Removing notifications for @mentions in commit messages (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
view more: next ›