Tag: github
153 articles

GitHub Bolsters npm with Security Updates to Thwart Supply Chain Attacks
GitHub is stepping up its game to protect against supply chain attacks by introducing security updates to npm, aiming to prevent hostile code from running amok during package installation. With the upcoming npm v12, three historically permissive defaults are being flipped to prioritize explicit opt-in over implicit trust.

GitHub Disrupts Supply Chain Attacks by Blocking npm Install Scripts
GitHub is taking a bold step to safeguard the npm ecosystem by blocking install scripts from running by default, tackling the single largest code-execution surface in the ecosystem. This move, part of npm 12's release, aims to prevent supply chain attacks by requiring explicit permission for scripts to run.

Miasma Worm Source Code Leaked, Threatens Open-Source Ecosystem
The Miasma worm's source code leak is a game-changer, putting the entire open-source ecosystem at risk after already infiltrating 73 Microsoft repositories on GitHub. This credential-stealing attack framework operates autonomously, spreading rapidly by infecting developer machines and compromising legitimate repositories.

GitHub Bolsters npm Security to Thwart Supply-Chain Attacks
GitHub's upcoming npm v12 update is a game-changer for supply-chain security, as it will require explicit approval for automated actions like install scripts and dependency resolution that are often exploited by attackers. This move aims to shut down common code-execution paths and give developers, CI/CD pipelines, and security teams greater control over their code.

GitHub Overhauls npm Defaults to Thwart Script-Based Attacks
GitHub is taking a major step to boost npm security by changing its default settings to block automatic execution of install-time lifecycle scripts, a common vulnerability exploited in script-based attacks. Starting with npm 12, these scripts will require explicit permission to run, unless explicitly allowed via a new allowlist mechanism.

Miasma Worm Spreads as Open-Source Toolkit Compromises GitHub Repos
A newly discovered open-source toolkit, known as Miasma Worm, is wreaking havoc on GitHub repositories, allowing attackers to execute a range of malicious activities via stolen credentials. This powerful supply chain attack toolkit can compromise multiple platforms, including PyPI, npm, and RubyGems, and even spread through AI coding tools and SSH-based lateral movement.

Microsoft Probes Miasma Campaign as GitHub Repos Remain Offline
Microsoft swiftly took action to safeguard its customers and the broader ecosystem by temporarily removing some GitHub repositories while investigating a software supply chain intrusion. The company has since restored some, but others remain offline as the probe continues.

GitHub Disrupts Microsoft Repos Hosting Password-Stealing Malware
In a lightning-fast response, GitHub and Microsoft swiftly contained a malware incident on June 5, removing 73 repositories and restoring disrupted developer workflows in a mere 105 seconds. The quick takedown prevented password-stealing malware from causing further harm, showcasing the companies' commitment to protecting their platforms.

Android Malware NFCShare Targets Europe Banks via GitHub Updates
Malicious actors are using GitHub to spread new variants of the NFCShare Android malware, disguising them as banking app updates to target customers of European banks. Victims are first lured into downloading the malware through phishing sites that mimic real banks, where they're prompted to install a fake update.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials
In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

Miasma Worm Exposes GitHub Repositories in Supply Chain Attack
A sneaky Miasma worm has infiltrated 73 Microsoft GitHub repositories, putting countless projects at risk in a self-replicating supply chain attack. This malicious campaign is a stark reminder of the rapidly evolving threats lurking in the shadows of our digital supply chains.

GitHub Disrupts Microsoft Repos Amid Suspected Worm Infections
GitHub took drastic action, removing over 70 Microsoft repositories and disrupting critical code pipelines, after detecting suspected worm infections. This swift move has left many automated builds and deployments in limbo.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack
GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Flaw in Claude Code GitHub Action Exposes Repositories to Hijacking
A security researcher discovered a logic hole in Anthropic's Claude Code GitHub Action that could let attackers hijack vulnerable public repositories with just a single opened GitHub issue. This flaw exploited broad read and write permissions, putting countless repositories at risk.

Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling
A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by Microsoft's security response team.

GitHub Dev Attack Exploits OAuth Tokens
A single click can be all it takes for an attacker to swipe a GitHub token, giving them free rein to read and write to your private repos. Security researcher Ammar Askar warns that a clever exploit in GitHub.dev's web-based editor can turn a harmless link into a token-stealing threat.

VS Code Zero-Day Vulnerability Exposes GitHub Tokens to Theft
A security researcher just revealed a shocking VS Code zero-day vulnerability that lets attackers swipe your GitHub authentication tokens with just one click, exposing your online projects to potential theft. This exploit cleverly abuses VS Code's system to run malicious code and extract sensitive tokens.

Malware Worms Red Hat npm Packages, Targets Cloud Credentials
A single compromised Red Hat employee's GitHub account was used to seed dozens of Red Hat npm package releases with a self-propagating credential-stealer, putting cloud credentials at risk. The malicious packages, downloaded around 80,000 times a week, are still considered a live threat.

Red Hat npm Packages Compromised in Supply-Chain Attack
A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Atlas Menu Hack Exposes 64,000 User Records
A shocking security breach has hit Atlas Menu, a popular cheat service for Grand Theft Auto, with an attacker claiming to have fully compromised the system and leaked 64,000 user records online. The hacker also made the disturbing allegation that Atlas Menu was secretly taking screenshots of users' machines.

AI-Generated Malware Exposes Operator's GitHub Token
A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

Malicious npm Package Targets Claude AI User Files via GitHub
Disguising itself as a harmless archive deployment sync tool, the malicious npm package mouse5212-super-formatter secretly synced local workspace files to a remote tracking tree, allowing attackers to target user files on GitHub.

GitHub Tags Exploited to Deploy Credential-Stealing Malware
Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.