Researchers discovered a “high-severity” vulnerability in GitHub on Wednesday, which could have allowed an attacker to take over a repository and potentially infect all software that relies on it with malicious code.
Researchers from the Checkmarx Supply Chain Security team claimed in a blog post that an attacker can gain control of a GitHub repository using a method called Repo Jacking by taking advantage of a logical “hidden” fault in the architecture that leaves renamed users vulnerable to such an assault. Read More…