Fake GitHub CI Update Steals Secrets and Tokens

An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI config…

·

cyber security, Cyber Security News, GitHub

¶¶¶¶¶

North Korean Hackers Abuse GitHub to Spy on South Korean Firms

Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies. Discover how North Korean…

·

Cyber Attack, Cyber-Attacks, cybersecurity, FortiGuard, GitHub, Lazarus, North Korea, PowerShell, Security, South Korea, Windows

¶¶¶¶¶

North Korea Uses GitHub as C2 in New LNK Phishing Campaign

A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North…

·

cyber security, Cyber Security News, GitHub, Phishing

¶¶¶¶¶

Why GitHub Developers Are Targeted by Token Giveaway Scams

GitHub developers face rising giveaway scams. Verify repos, links, and maintainers before acting. Avoid rushed clicks, fake rewards, and risky wallet actions.

·

cybersecurity, Developers, Fraud, GitHub, Giveaway Scam, SCAM, Scams and Fraud, Security

¶¶¶¶¶

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.

·

BeyondTrust, ChatGPT, Codex, cybersecurity, GitHub, OpenAI, Security, Unicode, vulnerability

¶¶¶¶¶

Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets

·

Crypto, cybersecurity, Developers, Fraud, GitHub, OpenClaw, Phishing, Phishing Scam, SCAM, Security

¶¶¶¶¶

AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos

A large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 deli…

·

AI, cyber security, Cyber Security News, GitHub

¶¶¶¶¶

Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity

A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silentl…

·

cyber security, Cyber Security News, GitHub, vulnerability

¶¶¶¶¶

Open VSX Extension Delivers RAT and Stealer via GitHub Downloader

An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads a…

·

cyber security, Cyber Security News, GitHub

¶¶¶¶¶

ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos

ForceMemo is an active software supply‑chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force‑pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen‑token ecosystem and uses the Solan…

·

cyber security, Cyber Security News, GitHub

¶¶¶¶¶

1010.cx

1010.cx

Category: GitHub