GitHub Security Lab

In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. Users of ruby-saml should update immediately to version 1.18.0. https://lnkd.in/gknx5Qej

🚀 Calling all CoderGirls in Aarhus! Join 🍁 Sylwia Budzynska for a Code Night at the Microsoft office—a relaxed evening of coding, collaboration, and community. Whether you’re working on a project or just want to connect with fellow developers, this is for you! 🎉 📅 Thursday, March 13, 2025 ⏰ 4:30 PM – 6:30 PM CET 📍 INCUBA, Åbogade 15, Århus N Bring your laptop, bring your ideas, and let’s code together! 💻✨

Stage selfie from 📍🇺🇸 Seattle, Washington and CyberWeek by ThinkCyber Foundation! The GitHub Security Lab sponsored the first edition of CyberWeek, where students from 50 US-based universities joined both online and in-person to build software security skills. Special thanks to the founder, Armora Rama, and all volunteers that made this a reality.

GitHub day is finally here! Join us in person at 9AM at Microsoft Innovation Hub in Bellevue, Lincoln Square as we have an amazing day filled with coding, competition, networking and learning from GitHub engineers etc! A celebration of knowledge! 🤖 Joseph Katsioloudes and Nancy G. thank you so much for coming in Seattle to have this day with us, and thank you GitHub Security Lab for your incredible support in this! Another special thank you to Klodiana Hajdari Carlin Cherry Arber Dumani who will be joining us today to help the students and share their work through out the day.

Cyber Quest has officially started!! Inviting you all from today until next Tuesday to play these games, learn and get your certificates. There is something for everyone regardless of how much you know in cyber security! Thank you so much GitHub Security Lab, KC7: The Cyber Detective Game Security Innovation for providing these games for our #thinkcyberfoundation squad. Links to the games: Threat Hunting, KC7: The Cyber Detective Game : Capture the Flag Security Innovation: https://lnkd.in/dxJBh7Fm (password: XjPLzY5c) Software Security Game GitHub Security Lab Because we have the in person competition tomorrow, we can't share it in social media yet. Please register at ThinkCyber Link and you will receive the links to Software Security Game: https://lnkd.in/dxMXRdYM. Women in CyberSecurity (WiCyS) Chicago ISSA Rainier Chapter Women CyberGuardians WISP Chicago Region Local Group Blacks in Cybersecurity ISACA University of Washington Student Chapter ISACA Puget Sound Chapter ISACA 🤖 Joseph Katsioloudes Simeon Kakpovi Adele M. Uljana Sejko 🔐

Happy Friday folks! Here is a throwback to our 2nd most popular research post of 2024, "Gaining kernel code execution on an MTE-enabled Pixel 8" by Man yue Mo https://lnkd.in/eY-HxZSn

Keep your GitHub Actions secure! Vulnerable Workflows can expose you to secrets leaks, repository takeovers, remote code execution on your runners ... and more. Read our series on GitHub Actions security to understand the most common vulnerability patterns, learn secure practices, and protect your Workflows with CodeQL https://lnkd.in/gZPgWbXX

Time flies! 4 years ago Antonio Morales published his Fuzzing101 online course. 3,000 stars and hundreds of happy learners later, Rumor has it that Antonio is working on some new exercises! Soooooo ... if you want to learn how to fuzz, now is the time to catch-up on the first 10 challenges before he drops the new ones! Head on over to gh.io/fuzzing101 https://gh.io/fuzzing101 to get your fuzz on!

The Security Lab is proud to sponsor NULLCON Goa 2025! We are also funding scholarship tickets to enable and empower the next generation of security researchers to attend these high-quality conference sessions and network with security professionals! Enjoy, folks!

ICYMI Nancy Gariché published an article full of insights and practical tips for those considering starting a career in Cybersecurity: "Cybersecurity researchers: Digital detectives in a connected world" https://lnkd.in/ggKQGKsZ