-
A newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals. Instead of broadly t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated software supply chain attack originating from the GitHub account BufferZoneCorp has been uncovered, targeting developers and continuous integration environments through malicious Ruby gems and Go modules. The campaign deployed sleeper p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, reve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open sour…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are no…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi‑stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search‑engine poisoning, trojanized installers, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code ex…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
