The latest security news for developers - The GitHub Blog
Investigation update: GitHub Enterprise Server signing key rotation
Natalie Guevara · 2026-05-21 · via The latest security news for developers - The GitHub Blog

May 26, 2026: GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate.

Given the reality of threat actors and the advent of AI technologies, we need to do all we can to protect our customers. Considering the repositories that were attacked, and out of an abundance of caution, we are rotating keys, including the GitHub Enterprise Server signing key. This key is used to sign GitHub Enterprise Server binaries so that an instance can validate GitHub as their source during a manually initiated update. All binaries hosted by GitHub are valid.

GitHub Enterprise Server customers need to take immediate action as described below. No action is required for GitHub Enterprise Cloud.

What customers need to do

GitHub Enterprise Server administrators will need to rotate the GPG public keys in their instance. Admins can follow these instructions to do so using a GitHub-developed script that streamlines the process. If you'd like to independently verify the integrity of the script, its SHA256 digest is:

3009bf5cdef034e153008cc375a05ac0bdbb1a2a325b22adb300c028e3766b43

For single node topology, run these commands:

$ curl -fsSL https://enterprise.github.com/security/2026-05-24/rotate-gpg.sh -o rotate-gpg.sh
$ chmod ug+x ./rotate-gpg.sh
$ ./rotate-gpg.sh
$ sudo ./rotate-gpg.sh

For HA or cluster topology:

  • Log on to any node in your HA or cluster installation and run the following commands; they download the script, copy it to all nodes, and run it on all nodes:
$ ghe-cluster-each -- curl -fsSL https://enterprise.github.com/security/2026-05-24/rotate-gpg.sh -o rotate-gpg.sh
$ ghe-cluster-each -- chmod ug+x ./rotate-gpg.sh
$ ghe-cluster-each -- ./rotate-gpg.sh
$ ghe-cluster-each -- sudo ./rotate-gpg.sh
  • Note that the key is stored in both the admin and root accounts, so running the script a second time with sudo ensures that it is updated in both.
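The advisory publishes the script's SHA256 digest but leaves the verification step to the reader. The following is an added example, not GitHub's own script: it fetches rotate-gpg.sh, refuses to execute it unless the digest matches the published value, and then performs the single-node steps above. The helper names (sha256_of, verify_digest, fetch_and_run) are assumptions; the URL and digest are taken from the advisory.

```shell
#!/bin/sh
# Added example (not GitHub's script): download the key-rotation script,
# check its SHA256 against the digest published in the advisory, and only
# then run it. Helper names are hypothetical.
set -eu

# Values copied from the advisory text.
EXPECTED_SHA256="3009bf5cdef034e153008cc375a05ac0bdbb1a2a325b22adb300c028e3766b43"
SCRIPT_URL="https://enterprise.github.com/security/2026-05-24/rotate-gpg.sh"

# Print the hex SHA256 of a file using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 when the file's digest equals the expected digest, 1 otherwise.
verify_digest() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# Fetch, verify, then execute once as the admin user and once via sudo,
# because the advisory notes the key is stored in both accounts.
fetch_and_run() {
  curl -fsSL "$SCRIPT_URL" -o rotate-gpg.sh
  if ! verify_digest rotate-gpg.sh "$EXPECTED_SHA256"; then
    echo "rotate-gpg.sh: SHA256 mismatch, refusing to execute" >&2
    rm -f rotate-gpg.sh
    return 1
  fi
  chmod ug+x ./rotate-gpg.sh
  ./rotate-gpg.sh
  sudo ./rotate-gpg.sh
}
```

For an HA or cluster topology, run the same verified script on every node by prefixing the chmod and execution steps with ghe-cluster-each as shown above.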

If the signing key is not rotated, future GitHub Enterprise Server version upgrades will fail verification with the following error message:

Error: The file provided is not a valid GitHub Enterprise Server package.

What this means for GitHub Enterprise Server customers

Future patches and releases will be signed with the new key, and customers will need to rotate to the new public key before those patches and releases can be installed. Customers should ensure they only download GHES updates from the official GitHub.com source URL. GitHub recommends that customers prepare to take GHES security updates at an increased rate over the coming months.

Looking ahead

As the information security landscape continues to evolve, we are prioritizing hardening our systems as new threats emerge. We’ll continue to update our community on noteworthy developments. We remain committed not only to keeping GitHub secure but also to helping secure the broader open source ecosystem.


Original blog post, published May 20, 2026: On Monday May 18, we detected and contained a compromise of an employee device involving a poisoned VS Code extension published by a third party. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.

We have no evidence of impact to customer information stored outside of GitHub's internal repositories, such as our customers' own enterprises, organizations, and repositories. Some of GitHub's internal repositories contain information from customers, for example, excerpts of support interactions. If any impact is discovered, we will notify customers via established incident response and notification channels.

We moved quickly to reduce risk. We rotated critical secrets Monday and into Tuesday with the highest-impact credentials prioritized first.

We continue to analyze logs, validate secret rotation, and monitor our infrastructure for any follow-on activity. We will take additional action as the investigation warrants.

We will publish a fuller report once the investigation is complete.

Written by

Alexis Wales

Alexis Wales is the Chief Information Security Officer of GitHub. She leads a team of security experts focused on safeguarding the GitHub platform, products and the open source community, empowering more than 150 million developers worldwide to build and deploy software securely on GitHub.

Alexis has 20 years of experience defending critical national and private sector networks, spanning positions with the Department of Defense and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). This experience sparked her passion for collaboration between the public and private sectors to solve the hardest security challenges that threaten the technology we use every day.
