-
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face fina…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are Malwarebytes for Mac, LastPass, Citibank, SentinelOn…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Open source software powers much of today’s technology, enabling developers around the world to build and share tools, libraries, and applications. However, the same openness that drives innovation also presents serious security challenges. Attackers r…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a new phishing campaign that exploits GitHub’s official notification system to deliver malicious links and credential-stealing payloads. By capitalizing on the trust that open-source contributors place in GitHub…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to uns…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The developers behind the PureHVNC remote access trojan (RAT) have been uncovered using GitHub repositories to host critical components and plugin source code for their Pure malware family. Check Point Research’s recent forensic analysis of an eight-da…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are injecting promotional content for a counterfeit GitHub Desktop installer into popular deve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially ta…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitHub repositories for malware delivery through sophisticated weaponized LNK files, according to recent analysis by S2W’s Threat Intelligence Center, TALON. This campaign demonstrates the group’s evolving tactics in leveraging trusted plat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new malware campaign exploiting trusted platforms and hardware-dependent evasion techniques targets IT professionals across Western Europe. Cybersecurity researchers have uncovered a highly sophisticated malware distribution campaign th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
