Tag: github
153 articles

OkoBot Malware Targets Crypto Wallets with 20 Payloads
Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

Malware Lurks in Legitimate Tools, Services
Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

GitHub Repos Impersonate Legit Software to Spread Infostealer Malware
Malicious actors have created 292 fake GitHub repositories that masquerade as legitimate software and security projects, tricking visitors into downloading infostealer malware. These impostor repositories impersonated popular security products, cryptocurrency services, and gaming software, with many still active despite efforts to take them down.

CISA Leak Exposes Gaps in Incident Response, Key Management
A staggering 844 MB of sensitive CISA data was left exposed in a public GitHub repository for almost six months, revealing critical gaps in incident response and key management. The leak included admin credentials and plaintext passwords for internal CISA systems, raising serious concerns about security protocols.

npm Package Infects Developers with Cryptocurrency Wallet Stealer
A malicious npm package, downloaded a staggering 50,000 times weekly, was briefly infected with code that stole cryptocurrency wallet private keys and sensitive seed phrases, putting countless developers at risk. The attack was launched after a contributor's GitHub account was compromised, allowing the hackers to spread the poisoned code across multiple projects.

GitHub Accounts Used to Map Corporate Orgs in Stealthy Campaigns
Cyber attackers are using sneaky tactics, leveraging old or compromised GitHub accounts, to secretly map out corporate organizations and steal sensitive data. They're exploiting loopholes with automated tools and stolen tokens to quietly gather intel from GitHub APIs.

GitHub npm Tightens Security With Disabled Install Scripts
GitHub's latest npm update takes a giant leap in security by disabling install scripts by default, reducing supply-chain risks and giving developers more control. To adapt, plan to switch to trusted publishing or staged publishing with human approval for automated publishing.

GitHub Verified Commits Can Be Rewritten Without Breaking Signatures
A recent study revealed a surprising vulnerability in GitHub's verified commits, showing that signed commits can be rewritten without breaking their digital signatures. This means that tampered code can still be labeled as Verified, posing a significant risk to code security.

GitHub AI Agent Exposes Private Repos to Malicious Prompts
A shocking vulnerability in GitHub's AI-powered Agentic Workflows has been discovered, allowing attackers to expose private repositories with just a cleverly crafted issue and some plain English instructions - no coding skills or credentials required. This flaw lets hackers fetch and publicly share sensitive files, putting organizations at risk.

GitHub Agentic Workflows Exposed to Data Leak Threat via Public Issues
GitHub's Agentic Workflows are vulnerable to a data leak threat, as researchers have demonstrated a clever technique called GitLost that tricks AI agents into spilling private content from secure repositories into public comments. All it takes is a simple public issue to launch the attack, with no stolen credentials or special access required.

Researcher Releases Zero-Day Exploits, Bypassing Disclosure Norms
A pseudonymous security researcher, known as "bikini," has made a bold move by releasing over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects, sparking both interest and concern in the cybersecurity community. The researcher behind the Exploitarium GitHub repository is urging users to explore these vulnerabilities for research purposes only.

ChocoPoC Malware Targets Vulnerability Researchers via Fake PoC Repos
Beware of fake proof-of-concept repositories on GitHub - a new malware called ChocoPoC is hiding in plain sight, stealing data from vulnerability researchers through a cleverly designed trap. This sneaky malware uses a dependency chain to infect systems, masquerading as a harmless Python proof-of-concept exploit.

Malware Exploits GitHub PoCs to Target Cybersecurity Researchers
Cybersecurity researchers are being targeted by a sneaky new campaign that uses malicious GitHub proof-of-concept exploits to deliver a remote access trojan, with over 2,400 downloads of a trojanized Python package already recorded. The attack unfolds through a multi-stage supply-chain trick involving compromised PyPI packages.

Malware Delivered via Trojanized GitHub Exploits Targets Security Researchers
Security researchers have been targeted by a sneaky malware campaign that uses trojanized GitHub exploits to deliver a Python-based remote access trojan, hiding in plain sight within popular proof-of-concept code repositories. The malware, downloaded over 2,400 times mostly on Linux-based systems, was spread through malicious packages cleverly concealed in dependency lists on GitHub.

Anonymous Researcher Exploits 15 Software Products with Zero-Day Code Dump
A security bombshell has been dropped: an anonymous researcher has publicly shared exploit code for zero-day vulnerabilities in 15 software products, and hackers are already taking advantage of at least two of them. The alarming revelation has sent shockwaves through the cybersecurity community.

GitHub Repos Used to Deploy Malware via AI Coding Tools
Imagine a GitHub repository that looks perfectly safe, yet can secretly deploy malware on a developer's device - all without triggering any red flags. Researchers have demonstrated just how easily this can happen, using an AI coding agent to run a malicious payload hidden in a seemingly clean project.

Miasma Malware Targets npm, GitHub in Expanded Supply Chain Attack
Over 550 GitHub repositories have been compromised in a massive supply-chain attack, with malware harvesting developer credentials and spreading across package registries and workflows. The attack has already infected numerous npm packages and one Go module, putting developer data at risk.

Cordyceps Flaws Compromise 300+ GitHub Repositories
A newly discovered flaw, dubbed Cordyceps, has left over 300 GitHub repositories vulnerable to exploitation by unauthenticated users, allowing for code execution, credential theft, and supply-chain compromise. This critical weakness can be easily exploited, putting countless open-source projects at risk.

GitHub Bolsters Supply Chain Security by Blocking Pwn Request Patterns
GitHub is stepping up its game to protect your code by blocking common attack patterns on pull requests, helping to prevent security vulnerabilities from untrusted code. As of June 18, 2026, its actions/checkout v7 will refuse risky fork checkouts by default, keeping your workflows safer from attacker-controlled code.

Dify Vulnerabilities Expose AI Chats Across Tenants
Researchers have uncovered four critical vulnerabilities in Dify, a popular AI platform with over 146,000 GitHub stars, that could allow attackers to read sensitive AI conversations across different customer applications without needing authentication. These flaws, collectively known as DifyTap, expose a broad attack surface due to Dify's default multi-tenant setup.

TeamPCP Exploits Open-Source Trust Model in Mass Software Compromise
In a shocking display of cunning, TeamPCP has compromised over 1,000 software packages in under four months, injecting malicious code and redefining the notion of trust in open-source supply chains. This brazen attack has left a trail of destruction, with roughly 500 million weekly downloads affected across major registries like npm, PyPI, and GitHub.

GitHub Phishing Kit Targets Mexican Banks via Cloud Services
A sneaky GitHub phishing kit called "GitBait" has been targeting customers of 12 Mexican banks for three years, cleverly using cloud services like GitHub Pages and Google Sheets to stay under the radar. This cunning operation relied on over 100 GitHub-hosted domains to steal credentials, making it a challenging case for investigators.

North Korean Hackers Exploit Developer Tools in Malware Campaigns
North Korean hackers have launched a sneaky malware campaign, tricking victims into executing cross-platform malware for macOS, Linux, and Windows through malicious scripts hidden in GitHub repositories. Their latest tactic, dubbed UNK_DeadDrop, uses recruitment lures to deliver self-running code to over 75% of targeted organizations across various sectors.