Skip to main content

Tag: github

153 articles

Jenkins plugin page on a computer screen shows a warning message with a blurred software development workspace background.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

Analyst 207
Laptop screen shows GitHub repository with blurred section, symbolizing restricted access to source code.

NHS Moves to Close-Source GitHub Repos Citing AI Security Risks

The NHS is taking steps to boost security by moving its public GitHub repositories to private access by May 11, amid concerns that AI-powered code analysis could be exploited to uncover sensitive information. This temporary measure aims to prevent unintended disclosure of source code and other critical details.

Analyst 207
Cluttered developer's workspace with laptop, monitors, and notes, hint of GitHub logo on screen.

Microsoft's GitHub troubles expose neglect

Microsoft's recent GitHub troubles have raised red flags about the platform's reliability, sparking concerns among developers, educators, and organisations that rely on it. This comes at a time when Microsoft is pushing users towards paid services and aggressively integrating AI offerings.

Analyst 207
Cluttered home office workspace with laptop and faint GitHub logo.

GitHub Facades Used to Disguise EtherRAT Malware Distribution

Malicious actors have been using 44 cleverly disguised GitHub facades to spread EtherRAT malware, masquerading as legitimate admin and dev tools between December 2025 and April 2026. These fake repositories were designed to manipulate search results, leading victims to download a malicious MSI installer hidden in a second, secret GitHub account.

Analyst 207
Rows of computer servers in a secure data center with subtle coding hints.

GitHub swiftly patches flaw exposing millions of private repos

GitHub quickly squashed a massive security flaw, CVE-2026-3854, that could have let hackers access millions of private repositories with just one sneaky git push. The vulnerability allowed attackers to inject malicious code by exploiting how GitHub handled user-supplied options during git push operations.

Analyst 207
Developer workstation with laptop code on screen, natural light from window behind.

GitHub Flaw Exposes Remote Code Execution to Authenticated Users

A single git push command was all it took to exploit a flaw in GitHub's internal protocol, allowing authenticated users to execute code on backend infrastructure. This shocking vulnerability, tracked as CVE-2026-3854, highlights the potential for devastating remote code execution attacks.

Analyst 207
Large, empty development environment with rows of code on sleek computer screens against a neutral background.

Checkmarx GitHub Data Leaked by LAPSUS$ Hackers

Checkmarx confirmed that hackers from the LAPSUS$ group breached its GitHub repository on March 23, 2026, and published stolen data on April 22, after a series of supply-chain and credential-theft events. The attackers used the access to publish malicious code to certain artifacts, compromising the integrity of Checkmarx's software development process.

Analyst 207
Cluttered developer workstation with laptop, monitors, and notes in a bright office setting.

Supply-Chain Attack Targets Security, Dev Tools with Credential Theft

Malicious hackers are exploiting the very tools developers rely on, including security scanners and password managers, to steal sensitive credentials and gain unauthorized access. This latest supply-chain attack has already hit major players like Checkmarx, compromising their GitHub repository and potentially putting customer data at risk.

Analyst 207
Developer workstation with code on screen in a clean, minimalist environment.

Checkmarx Breach Exposes GitHub Repository Data on Dark Web

Checkmarx revealed that a security breach, linked to a March 23 supply chain attack, exposed sensitive GitHub repository data, which has now surfaced on the dark web. The incident has been contained, with no customer data compromised, as the affected repository was separate from Checkmarx's customer production environment.

Analyst 207
Terminal screen on a laptop in a coding workspace displays code on a blurred background.

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack

A rogue version of the Bitwarden CLI package, identified as @bitwarden/cli@2026.4.0, was compromised in a supply chain attack, stealing sensitive data like GitHub tokens and cloud secrets. The malicious code, hidden in a file called bw1.js, has already been distributed to users, putting their security at risk.

Analyst 207
Person in hoodie sits at laptop with chatbot interface, surrounded by papers and shadowy figures, hinting at cyber threat.

GitHub AI Agents Exposed to Credential Theft via Prompt Injection

Security researchers have uncovered a shocking vulnerability in popular GitHub AI agents, demonstrating how a simple prompt injection technique can be exploited to steal sensitive credentials, leaving users alarmingly exposed. The findings highlight a disturbing lack of transparency from vendors, putting automation and service access at risk.

Analyst 207
DPRK Hackers Exploit GitHub in Multi-Stage Attacks on South Korea

DPRK Hackers Exploit GitHub in Multi-Stage Attacks on South Korea

DPRK hackers have cleverly repurposed GitHub as a secret command center to launch multi-stage attacks on organizations in South Korea. This sneaky tactic starts with obfuscated Windows shortcut files, highlighting the growing creativity of North Korean threat actors.

Analyst 207
GitHub Exposed to Infostealer Malware via Claude Code Leak

GitHub Exposed to Infostealer Malware via Claude Code Leak

A recent leak of Claude's source code has taken a dark turn, with hackers exploiting the situation to spread Vidar, a notorious infostealer malware, by creating fake GitHub repositories that masquerade as legitimate projects. This cleverly crafted bait is luring unsuspecting users into a trap that can have serious cybercrime consequences.

Analyst 207
GitHub Exploited in Sophisticated Malware Campaign

GitHub Exploited in Sophisticated Malware Campaign

Malicious actors have launched a sophisticated malware campaign that exploits GitHub as a covert command-and-control channel, using trusted platforms to evade detection and wreak havoc on unsuspecting organizations. This multi-stage threat employs LNK files, embedded decoders, and PowerShell to establish persistence and exfiltrate sensitive data.

Analyst 207
Secrets Sprawl Hits Alarming 34% Annual Surge

Secrets Sprawl Hits Alarming 34% Annual Surge

The alarming truth is that secrets sprawl has surged 34% in the past year, with a staggering 29 million new hardcoded secrets uncovered in 2025 alone. This explosive growth poses a daunting challenge for CISOs and the cybersecurity community, raising critical questions about our ability to safeguard sensitive information.

Analyst 207
AI Companies: Stunning 65% Leak of Dangerous Secrets

AI Companies: Stunning 65% Leak of Dangerous Secrets

A new study finds about 65% of leading AI companies have accidentally exposed sensitive secrets in public Git repositories like GitHub. Researchers warn those leaks — from API keys to model endpoints — could create stealthy “shadow access” and threaten roughly $400 billion in assets.

Analyst 207
self-replicating worm: Shocking, Devastating NPM Breach

self-replicating worm: Shocking, Devastating NPM Breach

Imagine your everyday npm install quietly stealing your keys — researchers traced a self‑replicating worm to at least 187 NPM packages that exfiltrates developer credentials to GitHub each time an infected package is installed. This outbreak shows how fragile the software supply chain is and why immediate credential rotation, strict dependency hygiene, and better package vetting are essential.

Analyst 207
delivery of pentest results: Must-Have Best Practices

delivery of pentest results: Must-Have Best Practices

Penetration testing uncovers real attack paths, but static PDFs and emails let critical fixes stall — automating delivery into ticketing, CI/CD, and dashboards turns findings into fast, measurable remediation. Adopt continuous workflows to shrink exposure windows, boost collaboration, and make pen-test insights actually stick.

Analyst 207
Red Hat repositories Exclusive Critical Leak

Red Hat repositories Exclusive Critical Leak

Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

Analyst 207
DDoS-as-a-Service: Risky ShadowV2 Exclusive Threat

DDoS-as-a-Service: Risky ShadowV2 Exclusive Threat

Meet ShadowV2: a new campaign turning trusted developer platforms like GitHub Codespaces into a pay-as-you-go DDoS factory that lets attackers spin up ephemeral, high-bandwidth instances and sell DDoS-as-a-Service. The result is cheaper, harder-to-detect attacks and a wake-up call for platforms, security teams, and policymakers to rethink defenses before convenience becomes a weapon.

Analyst 207
npm registry Must-Have Fixes Make It Safer

npm registry Must-Have Fixes Make It Safer

A recent wave of phishing and malware-laced npm packages has pushed GitHub to tighten registry security—introducing mandatory 2FA for popular maintainers, trusted publishing rules, and sweeping takedowns—to stop attackers from slipping malicious updates into countless JavaScript projects. These changes aim to make the ecosystem safer without losing the openness that powers modern development.

Analyst 207
self-replicating worm: Stunning Risk to Dev Supply Chains

self-replicating worm: Stunning Risk to Dev Supply Chains

A self-replicating worm has infected nearly 200 NPM packages, stealing developer tokens and publishing them to public GitHub repos so each install can expose even more credentials. If you use open-source dependencies, now’s the time to audit builds, rotate keys, and lock down your developer workflows before the next propagation wave hits.

Analyst 207
GitHub breach: Must-Have Fixes for Risky Attacks

GitHub breach: Must-Have Fixes for Risky Attacks

When Salesloft’s GitHub repo was breached, attackers used exposed artifacts to access customer Salesforce data — and that compromise became the ground zero for a wider campaign affecting Drift. It’s a wake-up call to treat code repositories like sensitive infrastructure: rotate keys, enforce MFA, and scan for leaked secrets before attackers do.

Analyst 207
Salesloft GitHub repository Massive Risky Breach

Salesloft GitHub repository Massive Risky Breach

A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Analyst 207