- The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers who ignore security warnings.
- OpenClaw’s rapid rise has accidentally exposed how far GitHub’s advisory ecosystem has drifted from traditional CVE‑centric vulnerability tracking. Within roughly three weeks, the project published more than 200 GitHub Security Advisories (GHSA), and i…
- A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wa…
- Hackerbot-claw, an autonomous AI bot, has launched a week-long campaign abusing GitHub Actions misconfigurations to hit CI/CD pipelines at Microsoft, DataDog, and other major open-source projects, achieving remote code execution (RCE) and even full rep…
- Attackers have weaponized a malicious fork of the legitimate Triton macOS client for omg.lol, turning a trusted open-source project into a delivery channel for Windows malware hosted on GitHub. The campaign abuses GitHub’s forking model, misleading REA…
- Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to quietly deliver malware to cryptocurrency‑focused developers. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hid…
- RU-APT-ChainReaver-L Hijacks Trusted Sites and GitHub in Sweeping Cross-Platform Supply Chain Attack

A newly exposed advanced persistent threat (APT) campaign, tracked as RU-APT-ChainReaver-L, is hijacking trusted file-hosting sites and long-standing GitHub accounts to deliver stealthy malware to Windows, macOS, and iOS users at scale. The campaign ab…
- Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…
- Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers…

