May 26, 2026 : GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate. Given the reality of threat actors and the advent of AI technologies, we need to do all we can to protect our customers. Considering the repositories that have been attacked and an abundance of caution, we are rotating keys, including the GitHub Enterprise Server signing key. This key is used to sign binaries for GitHub Enterprise Server to validate GitHub as the source during a manually initiated update process. All binaries hosted by GitHub are valid. GitHub Enterprise Server customers need to take immediate action as described below. No action is required for GitHub Enterprise Cloud.…