News

CSOonline

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...
Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Tech Xplore on MSN

Fraudsters use fake stars to game Github, scam users

Millions of users of GitHub, the premier online platform for sharing open-source software, rely on stars to establish their ...
Infosecurity Magazine

Open Source Community Thwarts Massive npm Supply Chain Attack

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...