InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
The Register on MSN

GitHub walks back plan to charge for self-hosted runners

Engineers cried foul over plan to charge $0.002/min. updated Following publication of our original article, GitHub reversed ...
WinBuzzer

GitHub Postpones Self-Hosted Action Runner Fees Following Community Revolt

GitHub has indefinitely postponed its controversial $0.002/minute fee for self-hosted Actions runners after intense backlash, ...
Ars Technica

Copilot exposes private GitHub pages, some removed by Microsoft

Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, ...
TechCrunch

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...