Browsing Tag
GitHub
69 posts
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…
Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft
Microsoft warns that a fake ChatGPT desktop app was used to deliver PipeMagic malware, linked to ransomware attacks…
Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine
Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025.
Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories
Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal.