The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...

GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations.

A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in Github.

The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...

Salesforce said that, once notified by GitHub last Wednesday, it disabled the compromised OAuth tokens and the account that they came from.

Heroku to begin user password reset almost a month after GitHub OAuth token theft Heroku users urged to change password now before company does so, and notes it will wipe out all API access tokens.