#github
github
Просмотров: 70,620
133 обсуждают
Популярные
Новые
🚨 Microsoft researchers identified a vulnerability in Anthropic’s Claude Code GitHub Action that may have exposed credentials used in software pipelines.
Anthropic patched the flaw on May 5 following a responsible disclosure through HackerOne.
As AI-powered coding tools see wider adoption, securing the software supply chain remains a growing priority.
#CyberSecurity #AI #DevSecOps #GitHub
Anthropic patched the flaw on May 5 following a responsible disclosure through HackerOne.
As AI-powered coding tools see wider adoption, securing the software supply chain remains a growing priority.
#CyberSecurity #AI #DevSecOps #GitHub
⚠️ALERTA: HACKERS SE ATRIBUYEN UNA FILTRACIÓN MASIVA DE CÓDIGO FUENTE INTERNO DE GITHUB
El grupo de ciberdelincuentes TeamPCP se ha atribuido la responsabilidad de la filtración de los sistemas internos de GitHub y el robo de datos vinculados a aproximadamente 4000 repositorios privados que supuestamente contienen código fuente propietario de la plataforma y archivos internos de la organización.
Según se informa, el grupo está intentando vender el conjunto de datos en foros clandestinos de ciberdelincuencia por más de 50 000 dólares.
Si bien #GitHub confirmó que está investigando el acceso no autorizado a los repositorios internos, se insta a los desarrolladores a revisar cuidadosamente y cambiar las claves API si están presentes en los repositorios.
$BTC $WLD $ETH
El grupo de ciberdelincuentes TeamPCP se ha atribuido la responsabilidad de la filtración de los sistemas internos de GitHub y el robo de datos vinculados a aproximadamente 4000 repositorios privados que supuestamente contienen código fuente propietario de la plataforma y archivos internos de la organización.
Según se informa, el grupo está intentando vender el conjunto de datos en foros clandestinos de ciberdelincuencia por más de 50 000 dólares.
Si bien #GitHub confirmó que está investigando el acceso no autorizado a los repositorios internos, se insta a los desarrolladores a revisar cuidadosamente y cambiar las claves API si están presentes en los repositorios.
$BTC $WLD $ETH
GitHub Internal Breach Alert 🚨: TeamPCP claims exfiltration of ~4,000 private repos via a malicious VS Code extension on an employee device.
• No customer data leaked (yet).
• Supply chain attacks are the new norm.
• Action: Audit your extensions, rotate secrets, and enforce endpoint security.
Don't be the weakest link. 🛡️
#GitHub #CyberSecurity #TeamPCP #DevOps #SecurityAlert
• No customer data leaked (yet).
• Supply chain attacks are the new norm.
• Action: Audit your extensions, rotate secrets, and enforce endpoint security.
Don't be the weakest link. 🛡️
#GitHub #CyberSecurity #TeamPCP #DevOps #SecurityAlert
🚨 Developers are freaking out after reports of a massive GitHub breach started spreading online.
A hacker group called “TeamPCP” claims it broke into GitHub’s internal systems and accessed data connected to nearly 4,000 private repositories. The leaked information allegedly includes internal company files and even parts of GitHub’s proprietary source code. 😳💻
And it gets worse.
The group is reportedly trying to sell the stolen data on underground cybercrime forums for more than $50,000. That alone has sparked major concern across the tech world. 🔥
GitHub says it’s investigating the unauthorized access, but developers aren’t waiting around. Many are already rushing to change API keys, secure repositories, and remove sensitive credentials before things spiral further. ⚠️🔐
If these claims are confirmed, this could turn into one of the biggest security scares the developer community has seen in years. One exposed token or private key can open the door to much larger attacks, which is why cybersecurity experts are telling users to act fast and stay alert.
#GitHub #CyberSecurity #DataBreach
$GTC
$PHB
$EDEN
A hacker group called “TeamPCP” claims it broke into GitHub’s internal systems and accessed data connected to nearly 4,000 private repositories. The leaked information allegedly includes internal company files and even parts of GitHub’s proprietary source code. 😳💻
And it gets worse.
The group is reportedly trying to sell the stolen data on underground cybercrime forums for more than $50,000. That alone has sparked major concern across the tech world. 🔥
GitHub says it’s investigating the unauthorized access, but developers aren’t waiting around. Many are already rushing to change API keys, secure repositories, and remove sensitive credentials before things spiral further. ⚠️🔐
If these claims are confirmed, this could turn into one of the biggest security scares the developer community has seen in years. One exposed token or private key can open the door to much larger attacks, which is why cybersecurity experts are telling users to act fast and stay alert.
#GitHub #CyberSecurity #DataBreach
$GTC
$PHB
$EDEN
刚刷到这条有点冷汗:不是模型写错一段代码,而是代码代理可能把门钥匙递出去。
快讯很简单。
Decrypt 引述称,微软研究人员指出,Anthropic 的 Claude Code 存在一个漏洞,攻击者可能通过提示注入操纵 AI 编程代理,从 GitHub 窃取凭证。
主角不是小项目,而是 Microsoft、Claude Code、GitHub 这条开发者基础设施链。
老韭菜看多了这种剧本,真正吓人的从来不是“AI会不会犯错”,而是“AI已经拿到了什么权限”。
Claude Code 这类工具接入代码仓库后,权限边界就不再只是聊天窗口,而是仓库、密钥、提交、CI/CD 和开发者身份。
提示注入 → AI代理误执行 → GitHub凭证外泄,这条链路一旦成立,风险就从模型层传到软件供应链层。
交易含义不在于立刻给某个币贴利空标签。
更直接的影响,是 AI coding agent 和开发者安全这条赛道要被重新定价。
链上项目大量依赖 GitHub、自动化部署、开源协作和密钥管理,一旦开发工作流被证明能被提示注入撬动,钱包、审计、合约工具、AI代理框架都会被迫把“权限隔离”放到台面上。
这不是 AI 叙事退潮,而是 AI 叙事从炫技阶段进入验锁阶段。
能写代码的代理很性感,但能不乱碰钥匙的代理,才配进入生产环境。
#AI #GitHub
使用 Claude Opus 4.8 模型生成。Claude is AI and can make mistakes. Please double-check responses.
快讯很简单。
Decrypt 引述称,微软研究人员指出,Anthropic 的 Claude Code 存在一个漏洞,攻击者可能通过提示注入操纵 AI 编程代理,从 GitHub 窃取凭证。
主角不是小项目,而是 Microsoft、Claude Code、GitHub 这条开发者基础设施链。
老韭菜看多了这种剧本,真正吓人的从来不是“AI会不会犯错”,而是“AI已经拿到了什么权限”。
Claude Code 这类工具接入代码仓库后,权限边界就不再只是聊天窗口,而是仓库、密钥、提交、CI/CD 和开发者身份。
提示注入 → AI代理误执行 → GitHub凭证外泄,这条链路一旦成立,风险就从模型层传到软件供应链层。
交易含义不在于立刻给某个币贴利空标签。
更直接的影响,是 AI coding agent 和开发者安全这条赛道要被重新定价。
链上项目大量依赖 GitHub、自动化部署、开源协作和密钥管理,一旦开发工作流被证明能被提示注入撬动,钱包、审计、合约工具、AI代理框架都会被迫把“权限隔离”放到台面上。
这不是 AI 叙事退潮,而是 AI 叙事从炫技阶段进入验锁阶段。
能写代码的代理很性感,但能不乱碰钥匙的代理,才配进入生产环境。
#AI #GitHub
使用 Claude Opus 4.8 模型生成。Claude is AI and can make mistakes. Please double-check responses.
🤖 Corporations are starting to restrict AI usage for employees!
While everyone feared AI would replace workers, many companies that massively adopted it are now facing a different problem:
⚠️the costs are exploding
💻 #Microsoft reportedly canceled most Claude Code licenses for engineers after months of active use and pushed teams back toward #Github Copilot CLI because token costs became too expensive.
🖨 #NVIDIA admitted the same issue. VP Bryan Catanzaro said compute expenses for AI tools are already exceeding employee costs for his team.
🚖 Uber burned through its entire 2026 AI budget in just 4 months:
▪️ 84% of engineers actively used Claude
▪️ 70% of new code was AI-generated
▪️ some employees reportedly consumed $500–$2K monthly in AI costs
▪️ Uber’s #CTO spent $1,200 during a single 2-hour demo session
The next AI race may not be about building the smartest model…
…but building one cheap enough that companies can actually afford to use it at scale. 🤔
#TRXSurgesAbove0375NewYearlyHigh @WISE PUMPS
While everyone feared AI would replace workers, many companies that massively adopted it are now facing a different problem:
⚠️the costs are exploding
💻 #Microsoft reportedly canceled most Claude Code licenses for engineers after months of active use and pushed teams back toward #Github Copilot CLI because token costs became too expensive.
🖨 #NVIDIA admitted the same issue. VP Bryan Catanzaro said compute expenses for AI tools are already exceeding employee costs for his team.
🚖 Uber burned through its entire 2026 AI budget in just 4 months:
▪️ 84% of engineers actively used Claude
▪️ 70% of new code was AI-generated
▪️ some employees reportedly consumed $500–$2K monthly in AI costs
▪️ Uber’s #CTO spent $1,200 during a single 2-hour demo session
The next AI race may not be about building the smartest model…
…but building one cheap enough that companies can actually afford to use it at scale. 🤔
#TRXSurgesAbove0375NewYearlyHigh @WISE PUMPS
GITHUB BREACH RATTLES DEV SECURITY FOR $BTC 🛡️
GitHub disclosed unauthorized access to internal repositories following a malicious VS Code plugin attack on an employee device. The company says the incident appears limited to internal repository theft, with the attacker’s claim of roughly 3,800 repositories broadly aligned with its investigation.
For crypto markets, the key issue is infrastructure trust. GitHub has removed the plugin, isolated endpoints, rotated critical keys, and continues log analysis. Traders should monitor whether any downstream developer, exchange, or protocol exposure emerges before assuming broader market impact.
Not financial advice. Manage your risk.
#CryptoSecurity #GitHub #BTC #CyberSecurit #BinanceSquar
🛡️
GitHub disclosed unauthorized access to internal repositories following a malicious VS Code plugin attack on an employee device. The company says the incident appears limited to internal repository theft, with the attacker’s claim of roughly 3,800 repositories broadly aligned with its investigation.
For crypto markets, the key issue is infrastructure trust. GitHub has removed the plugin, isolated endpoints, rotated critical keys, and continues log analysis. Traders should monitor whether any downstream developer, exchange, or protocol exposure emerges before assuming broader market impact.
Not financial advice. Manage your risk.
#CryptoSecurity #GitHub #BTC #CyberSecurit #BinanceSquar
🛡️
$BNB SECURITY ALERT JUST HIT THE DEV STACK 🚨
CZ flagged it hard: if an API key is sitting in code, even inside a private repo, review it and replace it immediately. GitHub is investigating unauthorized access to internal code repositories, while stating there is no current evidence that customer-stored enterprise, organization, or external repo data was compromised.
This is a clean risk-control warning for builders, funds, bots, and trading desks.
API exposure can turn into instant damage.
Rotate keys. Lock permissions. Monitor activity.
Security is alpha when markets move fast.
Not financial advice. Manage your risk.
#Binance #CryptoSecurity #BNB #GitHub #CryptoNews
⚡
CZ flagged it hard: if an API key is sitting in code, even inside a private repo, review it and replace it immediately. GitHub is investigating unauthorized access to internal code repositories, while stating there is no current evidence that customer-stored enterprise, organization, or external repo data was compromised.
This is a clean risk-control warning for builders, funds, bots, and trading desks.
API exposure can turn into instant damage.
Rotate keys. Lock permissions. Monitor activity.
Security is alpha when markets move fast.
Not financial advice. Manage your risk.
#Binance #CryptoSecurity #BNB #GitHub #CryptoNews
⚡
اختراق مستودعات Grafana: الابتزاز يفشل والأمان ينتصر 🛡️
حتى العمالقة يتعرضون للاختبار، لكن القوة الحقيقية تظهر في طريقة المواجهة.
مؤخراً، واجهت منصة Grafana الشهيرة لتحليل البيانات حادثة أمنية بعد وصول غير مصرح به إلى بيئتها على GitHub. المهاجم نجح في الحصول على رمز وصول (Token) مكنه من تحميل بعض الأكواد البرمجية الخاصة بالشركة.
لكن، إليك الجانب المضيء والأهم في هذه القصة:
بياناتك في أمان: أكدت التحقيقات بشكل قاطع عدم المساس بأي من بيانات العملاء أو معلوماتهم الشخصية.
استمرارية العمل: لم تتأثر الأنظمة التشغيلية أو الخدمات بأي شكل من الأشكال.
لا خضوع للابتزاز: حاول المهاجم ابتزاز الشركة ودفع فدية مقابل عدم نشر الكود، وكان رد Grafana حاسماً: "لن ندفع".
الشركة واجهت الموقف بشفافية، وبدأت فوراً تحليلاً جنائياً رقمياً لمعرفة مصدر التسريب، مع تعزيز تدابيرها الأمنية لضمان عدم تكرار الأمر.
الدرس المستفاد هنا؟ الثقة لا تبنى بغياب الأخطاء، بل بكيفية التعامل معها وحماية المستخدمين كأولوية قصوى.
💬 شاركنا رأيك في التعليقات: كيف ترى قرار Grafana برفض دفع الفدية؟ هل تعتقد أن الشفافية في الحوادث الأمنية تعزز ثقة المستخدمين أم تهزها؟
#Grafana #CyberSecurity #Github #CryptoNews #BinanceSquare
حتى العمالقة يتعرضون للاختبار، لكن القوة الحقيقية تظهر في طريقة المواجهة.
مؤخراً، واجهت منصة Grafana الشهيرة لتحليل البيانات حادثة أمنية بعد وصول غير مصرح به إلى بيئتها على GitHub. المهاجم نجح في الحصول على رمز وصول (Token) مكنه من تحميل بعض الأكواد البرمجية الخاصة بالشركة.
لكن، إليك الجانب المضيء والأهم في هذه القصة:
بياناتك في أمان: أكدت التحقيقات بشكل قاطع عدم المساس بأي من بيانات العملاء أو معلوماتهم الشخصية.
استمرارية العمل: لم تتأثر الأنظمة التشغيلية أو الخدمات بأي شكل من الأشكال.
لا خضوع للابتزاز: حاول المهاجم ابتزاز الشركة ودفع فدية مقابل عدم نشر الكود، وكان رد Grafana حاسماً: "لن ندفع".
الشركة واجهت الموقف بشفافية، وبدأت فوراً تحليلاً جنائياً رقمياً لمعرفة مصدر التسريب، مع تعزيز تدابيرها الأمنية لضمان عدم تكرار الأمر.
الدرس المستفاد هنا؟ الثقة لا تبنى بغياب الأخطاء، بل بكيفية التعامل معها وحماية المستخدمين كأولوية قصوى.
💬 شاركنا رأيك في التعليقات: كيف ترى قرار Grafana برفض دفع الفدية؟ هل تعتقد أن الشفافية في الحوادث الأمنية تعزز ثقة المستخدمين أم تهزها؟
#Grafana #CyberSecurity #Github #CryptoNews #BinanceSquare
THE MOST ACTIVE CRYPTOS BASED ON #GITHUB DATA FOR THE LAST 3 MONTHS
$LINK $BTC $STORJ
- by Cryptogics
$LINK $BTC $STORJ
- by Cryptogics
THE MOST ACTIVE CRYPTOS BASED ON #GITHUB DATA FOR THE LAST 9 MONTHS
$BTC $LINK $STORJ
- by Cryptogics
$BTC $LINK $STORJ
- by Cryptogics
Войдите, чтобы посмотреть больше материала