-
Hackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are turning the Claude Code source leak into an active malware-delivery channel, using GitHub Releases to push the Vidar stealer and GhostSocks under the guise of “leaked” Anthropic tooling. The incident shows how human and governance failures …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into no…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI config…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies. Discover how North Korean…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitHub developers face rising giveaway scams. Verify repos, links, and maintainers before acting. Avoid rushed clicks, fake rewards, and risky wallet actions.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 deli…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
