News

Attack via GitHub MCP server: Access to private data
The official integration of the Model Contet Protocol in GitHub can expose private information if used carelessly.
WinBuzzer6d
GitHub Copilot Ecosystem Hit by Critical MCP Server Security Flaw
GitHub's Model Context Protocol (MCP) has a critical vulnerability allowing AI coding agents to leak private repo data.
InfoQ2mon
How GitHub Leverages CodeQL for Security
GitHub’s Product Security Engineering team secures the code behind GitHub by developing tools like CodeQL to detect and fix vulnerabilities at scale. They’ve shared insights into their ...
TechCrunch1y
GitHub’s latest AI tool can automatically fix code vulnerabilities
This new feature is now available for all GitHub Advanced Security (GHAS) customers. Code-scanning autofix in GitHub Copilot. Image Credits: GitHub “Just as GitHub Copilot relieves developers ...
InfoQ1y
GitHub Advanced Security Generally Available for Azure DevOps
GitHub Advanced Security is now integrated with Microsoft Defender for Cloud (MDC), enabling users to access all alerts for their repositories across both Azure DevOps and GitHub, all from a ...
TechCrunch6mon
GitHub launches $1.25M open source fund with a focus on security
Today it’s GitHub’s turn, launching the GitHub Secure ... and bring it to the much bigger problem of security and software.” Paul was a senior TechCrunch writer based in London, who focused ...