GitHub
Latest GitHub news, announcements & analysis
AI
GitHub Copilot CLI Now Understands Your Entire Codebase
GitHub's Copilot for the command line is getting a major upgrade. It now uses the same technology that powers code editors to provide smarter, more accurate suggestions, making it a far more powerful tool for developers.
Neeraj Dhiman
Infra
Microsoft Urges Move to GitHub Despite Outages
Microsoft is pushing enterprises to switch from Azure Repos to GitHub. The recommendation comes despite GitHub's recent history of major outages, forcing IT leaders to weigh new features against platform stability.
Ashish Kale
AI
GitHub Cuts AI Agent Token Costs
GitHub reduced token consumption in its AI-powered CI workflows by up to 62%. The company achieved this by removing unused tools, replacing API calls with its CLI, and deploying daily automated agents to audit and optimize usage, offering a model for others to follow.
Neeraj Dhiman
Security
GitHub Actions Attack Steals Credentials
A popular GitHub Actions workflow, `actions-cool/issues-helper`, has been compromised in a supply chain attack. Attackers altered repository tags to point to malicious code designed to steal sensitive credentials from CI/CD environments and send them to an external server.
Neeraj Dhiman
Security
CISA Credentials Found In Public Repo
The US Cybersecurity and Infrastructure Security Agency (CISA) accidentally exposed sensitive credentials, including plaintext passwords and SSH keys, in a public GitHub repository. The repository, discovered by security firm GitGuardian, was accessible for an extended period before being taken offline after a security researcher reported the issue.
Neeraj Dhiman
Security
CISA Contractor Leaked AWS GovCloud Keys
A CISA contractor exposed highly sensitive credentials on a public GitHub repository. The leak included access keys to AWS GovCloud accounts and internal CISA systems, along with details on the agency's internal software development and deployment processes, marking a significant government data breach.
Neeraj Dhiman
Security
GitHub Investigates Internal Repository Breach
GitHub is investigating a claim by a threat actor group called TeamPCP. The group alleges it accessed GitHub's internal repositories and is attempting to sell the platform's source code on a cybercrime forum. GitHub has found no evidence that customer data has been impacted so far.
Neeraj Dhiman
Security
Hackers Steal Grafana Source Code
Grafana Labs has disclosed a security incident where attackers used a stolen GitHub access token to access its environment. The breach resulted in the unauthorized download of some of its source code. Grafana is investigating but states no customer data was compromised.
Neeraj Dhiman
Security
Grafana GitHub Breach Exposes Source Code
Grafana Labs confirmed a security breach limited to its GitHub environment, exposing public and private source code. The company stated that its investigation found no evidence of customer production systems being compromised. The incident was linked to a supply chain attack involving a TanStack npm package.
Neeraj Dhiman
Security
GitHub Breach Linked To TanStack Attack
GitHub has confirmed that a recent breach of 3,800 internal repositories was caused by a malicious VS Code extension. The extension was compromised in a wider supply-chain attack targeting the popular TanStack npm packages, highlighting the growing risks of software dependencies.
Neeraj Dhiman
Security
GitHub swaps cash for swag bounties
GitHub is updating its bug bounty program to handle a massive increase in low-quality submissions, many generated by AI tools. The company is tightening its standards and will now reward certain types of lower-impact vulnerability reports with merchandise instead of cash payments to discourage spam.
Neeraj Dhiman
Security
GitHub Internal Repositories Were Breached
GitHub has disclosed a security breach where an attacker gained unauthorized access to its internal repositories. The compromise originated from a malicious third-party VS Code extension on an employee's device. While thousands of internal repos were exfiltrated, GitHub reports no evidence of impact on customer data.
Neeraj Dhiman
Security
US Government Credentials Leaked on GitHub
A contractor's public GitHub repository accidentally exposed sensitive credentials. The leak included access keys for US government AWS accounts and internal systems for the Cybersecurity and Infrastructure Security Agency (CISA). A researcher from GitGuardian discovered the exposure, which was then reported by security journalist Brian Krebs.
Neeraj Dhiman
Security
Contractor Leaks US Government Credentials
A government contractor's public GitHub repository accidentally exposed credentials for US government AWS accounts and internal CISA systems. The leak, discovered by a security researcher, included sensitive access keys found within the repository's commit history and developer notes, highlighting significant security risks.
Neeraj Dhiman
Infra
Vercel simplifies GitHub commit statuses
Vercel has introduced a consolidated commit status for GitHub monorepos. Instead of receiving a separate status for each project in a pull request, teams can now opt in to a single, unified status. This simplifies branch protection rules and streamlines the code review and merge process.
Ashish Kale
Security
CISA Contractor Leaked GovCloud Keys
A CISA contractor exposed highly privileged AWS GovCloud credentials and internal system details in a public GitHub repository. Security experts call it a major government data leak, revealing sensitive information about how the agency builds, tests, and deploys its internal software systems, posing a significant security risk.
Neeraj Dhiman
Tech
GitHub List Curates CUDA Books
A new GitHub repository, "awesome-cuda-books," has been shared on Hacker News. It provides a curated list of books for learning CUDA, NVIDIA's parallel computing platform. The resource is aimed at developers looking to deepen their understanding of GPU programming for high-performance computing and AI applications.
Navdeep Kaur Mahal
Infra
Grafana GitHub Token Breach Exposed Codebase
Grafana has disclosed a security incident where an unauthorized party gained access to its GitHub environment using a stolen token. The attacker was able to download the company's codebase. Grafana's investigation found no evidence that customer data or systems were affected by the breach.
Ashish Kale
AI
GitHub Copilot Builds Django Application
A new tutorial demonstrates how to build a simple password generator application with Django using GitHub Copilot's agent mode. The guide uses the PyCharm plugin and GPT-4.1, and concludes with an analysis of the pros and cons of using large language models for software development.
Neeraj Dhiman