Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
Computer Weekly

GitHub warns Desktop, Atom users after code-signing certificates pinched

GitHub has issued an urgent warning to users of its Desktop for Mac and Atom text editor applications after an unauthorised actor broke into its systems and stole two encrypted DigiCert code-signing ...
Infosecurity-magazine.com

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

GitHub confirmed on Monday that threat actors stole three digital certificates used for its Desktop and Atom applications during a cyber-attack in December 2022. Writing in a blog post, the company ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
Threat Post

Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub

A recently released extension for Chrome, developed by the public key crypto database Keybase, brought end-to-end encrypted messaging to several apps this week. A recently released Chrome extension, ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

It remains unclear how the threat actor compromised access token used in the breach. Kind of rare to read about a security breach that requires no action. So kudos to Github for good practices. That ...