News

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
Security researchers spot new phishing campaign targeting GitHub users. A fake "security alert" GitHub account was notifying users of suspicious logins. The links in the notification all point to a ...
GitHub is launching an AI coding agent that can do things like fix bugs, add features, and improve documentation — all on a ...
BleepingComputer looked into it and found that the files are not part of vcpkg but were uploaded as part of a comment left on a commit or issue in the project. When leaving a comment, a GitHub ...
Cybersecurity researchers at Kaspersky have discovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware. Kaspersky said it observed hundreds ...
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...
The Open Source Security Foundation (OpenSSF ... the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages. This week, OpenSSF released its ...