Supply chain blunder puts 3CX telephone app users at risk

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

TikTok “Invisible Challenge” porn malware puts us all at risk

An injury to one is an injury to all. Especially if the other people are part of your social network.

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer.)

GitHub blighted by “researcher” who created thousands of malicious projects

If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

Latest episode - listen now!

GitHub issues final report on supply-chain source code intrusions

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Critical cryptographic Java security blunder patched – update now!

Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.

Adafruit suffers GitHub data breach – don’t let this happen to you

Training data stashed in GitHub by mistake... unfortunately, it was *real* data