Security Boulevard

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
ZDNet

GitHub enables two-factor authentication mechanism through iOS, Android app

GitHub announced that two-factor authentication will be available to all users through GitHub Mobile this week. In a blog post, GitHub's Berk Veral said GitHub Mobile 2FA will be available to all ...
Bleeping Computer

GitHub can now auto-block commits containing API keys, auth tokens

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...
Wired

GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor

You’ve heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
VentureBeat

Hackers use stolen OAuth access tokens to breach dozens of organization’s internal systems

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...