GitHub rotated credentials and patched a new bug after a high-severity vulnerability was discovered in December. The bug could have allowed threat actors to access credentials within a production container. Customers who use GitHub's commit signing key or the encryption keys for GitHub Actions, GitHub Codespaces, and Dependabot may need to take additional action. GitHub has released an update that fixes the vulnerability in GitHub Enterprise Server and urges customers to apply the patch. Continuous monitoring of accounts and access controls, along with multi-factor authentication, is crucial for minimizing the attack surface. The cybersecurity landscape of 2023 shows the top cyber-attacks and the need to patch urgent vulnerabilities in critical infrastructure systems.
https://www.infosecurity-magazine.com/news/github-rotates-credentials-patches/