Dark Reading

Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

A pair of security vulnerabilities discovered in the GitHub environments of two very popular open source projects from Apache and Google could be used to stealthily modify project source code, steal ...
Bleeping Computer

35,000 code repos not hacked—but clones flood GitHub to serve malware

Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice ...