Tag: github
-
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Tags: apache, attack, control, cybersecurity, flaw, github, google, microsoft, open-source, supply-chain
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and First seen…
-
Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories. However, it did not compromise customer production systems or the Grafana Cloud platform. This disclosure follows a thorough internal investigation completed on May 27, 2026, as well as an independent forensic…
-
Hackers Hijack GitHub with 10,000 Fake Projects
More than 10,000 fake repositories on GitHub are distributing crypto Trojans. Experts suspect the campaign is specifically targeting autonomous AI agents. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-kapern-github
-
‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today. First seen on hackread.com Jump to article: hackread.com/cordyceps-ci-cd-flaw-microsoft-google-apache-repos-hijack/
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the…
-
Cordyceps Supply Chain Vulnerability Impacting Code Repositories at Thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication…
-
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
Attackers are using multiple online channels, including GitHub, YouTube, and VirusTotal, to build an illusion of trust to spread a cross-platform clipboard hijacker. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/crypto-heist-fake-reputation-boosting-campaign
-
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers’ applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security. First seen on thehackernews.com Jump to article:…
-
Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper
A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets. First seen on hackread.com Jump to article: hackread.com/scammers-fake-github-virustotal-crypto-clipper/
-
Novo Nordisk Breach Highlights Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk
-
GitHub as a Malware Distributor: Trojans Spread via More Than 10,000 GitHub Repos
Attackers are constantly copying existing code repositories on GitHub and planting Trojans in them. So far the platform appears to be doing little about it. First seen on golem.de Jump to article: www.golem.de/news/github-als-malware-schleuder-trojaner-ueber-10-000-github-repos-verbreitet-2606-210032.html
-
GitHub Actions Checkout Adds Protection Against Malicious pull_request_target Workflows
GitHub has implemented a major security enhancement in its Actions ecosystem with the release of actions/checkout v7, which aims to address a long-standing class of vulnerabilities known as “pwn requests.” This update was announced on June 18, 2026, and introduces safer defaults for workflows triggered by the pull_request_target event. This event is one of the…
-
Massive GitHub Attack Injects Malware into 10,000 Compromised Repositories
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to deliver Trojanized payloads. The activity was first identified on June 18, 2026, and highlights significant gaps in automated detection and monitoring of repositories on one of the world’s most widely used developer platforms. Massive GitHub Attack…
-
Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/fake-github-stars-crypto-stealing-malware/
-
Microsoft Warns Customers of Stolen GitHub; Miasma Worm Infects 73 Microsoft Repositories and Steals AI Login Credentials
First seen on security-insider.de Jump to article: www.security-insider.de/miasma-wurm-microsoft-github-repositories-ki-zugangsdaten-a-c09832938b8e85e4c3326613248fc3b8/
-
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk
-
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-clipboard-hijacker-fake/
-
Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity community after a working proof-of-concept (PoC) exploit was released before a security patch became available. The exploit was published on GitHub by security researcher Nightmare Eclipse on June 10, 2026, only hours after Microsoft issued its June Patch Tuesday updates. First seen…
-
Mastra AI Framework Poisoned in npm Supply-Chain Attack
Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security Fixes. The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mastra-ai-framework-poisoned-in-npm-supply-chain-attack-a-32003
-
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted…
-
Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gitbait-github-pages-sheetbest/
-
Modular Phishing Kit Uses GitHub Pages to Steal Payment Card Details and Passwords
A sophisticated, long-running phishing operation has evolved into a serverless, modular campaign that weaponizes GitHub Pages to harvest payment card data, credentials, and customer identifiers from banking customers in Mexico. The campaign’s architecture centers on a phishing kit containing a selector panel that operators use to generate institution-specific landing pages. Those landing pages impersonate at…
-
GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide. First seen on therecord.media Jump to article: therecord.media/github-dismissed-reports-shai-hulud-deep-specter
-
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
Tags: advisory, attack, authentication, cve, cyber, flaw, framework, github, injection, vulnerability
A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions before 1.84.0 and has been assigned a critical severity rating due to its potential impact…