GitHub Security (@GitHubSecurity) / Twitter

50 captures

20 Dec 2017 - 30 Sep 2025

Jul	AUG	Sep
	23
2021	2022	2023

success

fail

About this capture

COLLECTED BY

Collection: Save Page Now

TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20220823070641/https://twitter.com/GitHubSecurity

GitHub Security

@GitHubSecurity

GitHub's Security Team. Everywhere software is builtgithub.com/securityJoined July 2013 221 Following 13.2K Followers Tweets Tweets & replies Media Likes

GitHub Security’s Tweets

GitHub Security Retweeted

Justin Hutchings

@jhutchings0

· 2h Now you can tell the rest of your team why it's a won't fix when you resolve a Dependabot alert. Let us know what you think! Quote Tweet

GitHub Changelog

@GHchangelog

· 12h

Dependabot alerts: optional dismissal comment github.blog/changelog/2022

GitHub Security

@GitHubSecurity

· 11h

Spoiler alert Preparations for GitHubSecurity @BlueTeamCon underway! Looking forward to seeing you in Chicago this weekend! Table full of boxes of colored pencils and crayons in the process of being bedecked with GitHub's Octocat stickers.

Table full of boxes of colored pencils and crayons in the process of being bedecked with GitHub's Octocat stickers.

read image description ALT

GitHub Security Retweeted

Blue Team Con

@BlueTeamCon

· Aug 21 Sign-ups are open if you want to take advantage of Blue Team Con’s Career Village. Experienced hiring managers are ready to help you via resume reviews, mock interviews, and/or giving general career advice. Book a slot today! Quote Tweet

bat

@mzbat

· Aug 21

Need resume help? Want to perform better in interviews? Today is your lucky day! Sign up is OPEN for the Career Village at @BlueTeamCon2022! Village is in person only and you'll need to bring a laptop, tablet, or printed copy of your resume. docs.google.com/forms/d/1DnuJe

GitHub SecurityRetweeted

Blue Team Con

@BlueTeamCon

· Aug 19 The Wellness Village (Presented by @HackersHealth and Sponsored by @GitHubSecurity ) will have four mental health talks on Saturday, August 27th. These discussions will be held in the village in a comfortable setting. Please see their talk schedule here:

blueteamcon.com Blue Team Con - Villages Villages are individual rooms throughout the conference that provide unique experiences. The villages will run through the entire conference, and most are free to walk in and out of as you like. Ones...

GitHub Security

@GitHubSecurity

· Aug 18 GitHubSecurity's second report disclosed on HackerOne: Delimiter injection in GitHub Actions core.exportVariable hackerone.com/reports/1625652 Quote Tweet

GitHub Security

@GitHubSecurity

· Apr 15

We are excited to announce a new step for our bug bounty program. Going forward we will be publishing reports that get assigned a CVE (limited disclosure on @HackerOne)! Find our first report (and future ones!) on our Bounty page: hackerone.com/github/hacktiv#GitHubBugBounty

GitHub SecurityRetweeted

GitHub Changelog

@GHchangelog

· Aug 18 False-alert flags will appear in users security log due to a bug in 2FA recovery events

github.blog False-alert flags will appear in users security log due to a bug in 2FA recovery events | GitHub... False-alert flags will appear in users security log due to a bug in 2FA recovery events

Topics to follow

Carousel

Open source Cloud platforms Linux Cloud computing Computer programming Web development Python Machine learning Databases Data science Internet of things Raspberry Pi Microsoft Windows Data visualization UX design Microsoft Augmented reality Smart technology Massachusetts Institute of Technology Android Tech industry Mobile development FinTech Women in tech Tim Cook Adobe PC building Arduino California Institute of Technology Microcontrollers

GitHub Security

@GitHubSecurity

· Aug 18 GitHub is committed to protecting developer privacy, taking action on abusive content, and being transparent with developers about content moderation, and disclosure of user information. See our latest transparency report:

github.blog 2022 Transparency Report: January to June | The GitHub Blog We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports.

GitHub Security

@GitHubSecurity

· Aug 18 Excellent volunteer opportunity to support growth and encourage new folks to join our industry! Quote Tweet

Blue Team Con

@BlueTeamCon

· Aug 18

The Career Village is still looking for volunteers to help review resumes, conduct mock interviews, and/or give career advice. Please fill out the form at btcon.link/CareerVillageif you are interested.

GitHub Security Retweeted

Blue Team Con

@BlueTeamCon

· Aug 17 🚨Village Alert🚨 The Childcare Village has been reopened for tickets. Bringing children and need them watched while you see talks, eat, or mingle? The Childcare Village is here for you and is FREE! Add-on tickets available on Eventbrite. More here:

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 12 Secret scanning: Organization admins can dry run custom patterns across all repositories

github.blog Secret scanning: Organization admins can dry run custom patterns across all repositories | GitHub... Secret scanning: Organization admins can dry run custom patterns across all repositories

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 15 GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC) – Public Beta

github.blog GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect... GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC) - Public Beta

GitHub Security Retweeted

GitHub Security Lab

@GHSecurityLab

· Aug 16 How to handle secrets in GitHub Actions, in ⏱ 38 seconds Embedded video

0:38 1.5K views

GitHub Security Retweeted

GitHub Security Lab

@GHSecurityLab

· Aug 16 Congratulations to all the winners and special shoutout to our very own Nancy Gariché, OWASP Project Person of the Year! Quote Tweet

owasp

@owasp

· Aug 10

The results are in and the winners of the 2022 OWASP Waspy Awards are: owasp.org/awards/ Chapter - Thomas Ljungberg Kristensen Event - Izar Tarandach Project - Nancy Gariche Congratulations to the winners and thank you for your continued support of OWASP.

GitHub Security Retweeted

Jill Moné-Corallo

@thejillboss

· Aug 12 @rotembar sporting our “Keep Hacking Weird” shirt at his @defcon @AppSec_Village talk! @GitHubSecurity @Hacker0x01

GitHub SecurityRetweeted

Jill Moné-Corallo

@thejillboss

· Aug 11 Hanging out with @msftsecresponse tonight! We’ve got more @GitHubSecurity here tonight. Come say hello!! Embedded video

GIF

GitHub Security Retweeted

Jill Moné-Corallo

@thejillboss

· Aug 10 Hanging out with our HackerOne friends! Come say hi to me and a few other @GitHubSecurity folks. #blackhat25

GitHub Security

@GitHubSecurity

· Aug 9 A well-tuned and secure CI/CD workflow is a critical component for development teams looking to build more and ship fast. With Dependabot alerts on vulnerable GitHub Actions, securing your workflows has never been easier.

github.blog Dependabot now alerts for vulnerable GitHub Actions | The GitHub Blog GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions,...

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 6 GitHub Enterprise Cloud customers can access IP addresses for audit log entries for enterprise owned assets

github.blog GitHub Enterprise Cloud customers can access IP addresses for audit log entries for enterprise... The ability for GitHub Enterprise Cloud owners to display members’ IP addresses for all audit logs events for private repositories and other enterprise assets, such as issues and projects, is...

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 3 Introducing the new npm Dependency Selector Syntax

github.blog Introducing the new npm Dependency Selector Syntax | GitHub Changelog Introducing the new npm Dependency Selector Syntax

GitHub Security

@GitHubSecurity

· Aug 3 GitHub is investigating the Tweet published Wed, Aug. 3, 2022: * No repositories were compromised * Malicious code was posted to cloned repositories, not the repositories themselves * The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts

800

2,350

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 2 Privacy statement updates: Adding web cookies to enterprise marketing subdomains

github.blog Privacy statement updates: Adding web cookies to enterprise marketing subdomains | GitHub Changelog Privacy statement updates: Adding web cookies to enterprise marketing subdomains

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 1 Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action

github.blog Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging... Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Aug 1 REST API now available for the organization-level security manager role (Public Beta)

github.blog REST API now available for the organization-level security manager role (Public Beta) | GitHub... REST API now available for the organization-level security manager role (Public Beta)

GitHub Security

@GitHubSecurity

· Aug 1 🐰🐇🐰🐇 New month means it's time for our latest GitHub Security Bug Bounty report! July bug bounty stats: ✅Closed 146 reports 💰Awarded $4,200 in bounties 👫101 hackers participated in our program

GitHub Security Retweeted

Blue Team Con

@BlueTeamCon

· Jul 29 This requirement still stands and will for Blue Team Con 2022. Please bring vaccination proof to show at registration and plan to wear a mask in the conference areas. Quote Tweet

Blue Team Con

@BlueTeamCon

· Apr 7

Blue Team Con 2022 will require: - Full vaccination as per CDC guidelines for any authorized ages; and - Masks will be required to be worn throughout the entire conference at all times, except while eating and drinking or if you are a speaker and are currently presenting.

GitHub Security Retweeted

GitHub Security Lab

@GHSecurityLab

· Jul 27 In this post "Corrupting memory without memory corruption" @mmolgtm is showing how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app

github.blog Corrupting memory without memory corruption | The GitHub Blog In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me...

121

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jul 26 A new npm `audit signatures` command to verify npm package integrity

github.blog A new npm `audit signatures` command to verify npm package integrity | GitHub Changelog The public npm registry is migrating away from the existing PGP signatures to ECDSA signatures that are more compact and can be verified without extra dependencies in the npm CLI. Ensure the integr...

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jul 26 General Availability of improved 2FA experience in npm

github.blog General Availability of improved 2FA experience in npm | GitHub Changelog Enhanced Two-Factor Authentication (2FA) experience is now Generally Available. Previously, we had announced a set of improvements in our public beta. Further to this we have made the following new...

GitHub Security

@GitHubSecurity

· Jul 21 Deprecation alert Quote Tweet

GitHub Changelog

@GHchangelog

· Jul 21

GitHub Actions The macOS 10.15 Actions runner image is being deprecated and will be removed by 8/30/22 github.blog/changelog/2022

GitHub Security

@GitHubSecurity

· Jul 16 Very happy to be sponsoring Childcare Village @BlueTeamCon Quote Tweet

Blue Team Con

@BlueTeamCon

· Jul 15

A reminder of our FREE childcare village (well, $5/day to ensure serious purchases and as part of the sitters’ tip). There are VERY limited spots left. Ensure to snag them now if you are interested. Blue Team Con is dedicated to being a family-friendly event. See @Hak4Kidztoo! twitter.com/BlueTeamCon/st… Show this thread

GitHub Security

@GitHubSecurity

· Jul 11 GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉

105

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jul 1 Dependabot alerts paused for malware advisories

github.blog Dependabot alerts paused for malware advisories | GitHub Changelog Dependabot alerts paused for malware advisories

GitHub Security

@GitHubSecurity

· Jul 1 Looking forward to sharing out the Live Hacking Event stats soon! Kermit Freaking Out GIF

GIF read image description ALT

Show this thread

GitHub Security

@GitHubSecurity

· Jul 1 Here are June's GitHub Security bug bounty stats: ✅Closed 104 reports 💰Awarded $10,100 in bounties 👫87 hackers participated in our program Yes, these stats LOOK a little low compared to last month (twitter.com/GitHubSecurity) as our focus was on our Live Hacking Event... Quote Tweet

GitHub Security

@GitHubSecurity

· Jun 1

With a total of 176 bounty reports submitted, May was close to beating our record 182 reports submitted in March! Here are our May bug bounty stats:

Closed 155 reports

Awarded $30,519 in bounties

128 hackers participated in our program Show this thread

Show this thread GitHub Security Retweeted

Jason

@misfir3

· Jun 30 Luau with fellow @GitHubSecurity Hubbers. Great content, great people, great views too @LocoMocoSec #LocoMocoSec

GitHub SecurityRetweeted

GitHub Changelog

@GHchangelog

· Jun 28 Improved innersource collaboration and enterprise fork policies

github.blog Improved innersource collaboration and enterprise fork policies | GitHub Changelog Improved innersource collaboration and enterprise fork policies

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jun 28 GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC)

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jun 23 Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)

github.blog Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development) | GitHub... Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jun 27 GitHub Advisory Database now includes Erlang and Elixir advisories

github.blog GitHub Advisory Database now includes Erlang and Elixir advisories | GitHub Changelog GitHub Advisory Database now includes Erlang and Elixir advisories