Tag: github
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors, including WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft
A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. The post CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-copilot-data-theft/
-
What AI Reveals About Web Applications, and Why It Matters
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and…
-
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America. First seen on hackread.com Jump to article: hackread.com/astaroth-trojan-github-images-active-takedowns/
-
Astaroth Trojan abuses GitHub to host configs and evade takedowns
The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to evade takedowns by pulling fresh configs from GitHub whenever C2 servers are shut down, ensuring…
-
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware…
-
Astaroth Banking Malware Exploits GitHub for Hosting Configuration Files
McAfee’s Threat Research team recently uncovered a sophisticated new Astaroth campaign that represents a significant evolution in malware infrastructure tactics. This latest variant has abandoned traditional command-and-control (C2) server dependencies in favor of leveraging GitHub repositories to host critical malware configurations. The Astaroth banking malware has evolved beyond conventional C2 server architectures by exploiting GitHub’s…
-
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft
A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/github-copilot-data-theft/
-
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious…
-
GitHub Copilot Chat Flaw Let Private Code Leak Via Images
Researcher Found Bug Could Exfiltrate Secrets Via Camo Images. A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding hidden prompts that hijacked the artificial intelligence assistant’s responses. The exploit also used the code hosting platform’s image proxy to leak the stolen data. First seen…
-
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data
While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data
-
GitHub Copilot prompt injection flaw leaked sensitive data from private repos
Stealing sensitive data from repositories: Mayraz then wondered: Because Copilot has access to all of a user’s code, including private repositories, would it be possible to abuse it to exfiltrate sensitive information that was never intended to be public? The short answer is yes, but it wasn’t straightforward. Copilot has the ability to display images in…
-
New ‘Fully Undetectable’ Android RAT Discovered on GitHub
Hosted at the repository “Huckel789/Android-RAT,” this fully undetectable (FUD) RAT is designed to evade antivirus detection permanently, maintain persistence in battery-optimized environments, and deliver a feature-rich command-and-control (C2C) experience entirely from a web interface. This Android RAT sets itself apart by eliminating the traditional requirement for a desktop or laptop in the attack chain. A…
-
Security Lessons For All From GitHub’s Hardened Package Publication For npm
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/security-lessons-for-all-from-githubs-hardened-package-publication-for-npm/
-
Hackers claim to have plundered Red Hat’s GitHub repos
The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitHub and have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/hackers-red-hat-github-breached-customer-data-stolen/
-
570 GB of GitHub data: Red Hat reports security incident
The extortion group Crimson Collective allegedly possesses confidential Red Hat customer data and is demanding a ransom. First seen on golem.de Jump to article: www.golem.de/news/570-gbyte-github-daten-red-hat-meldet-sicherheitsvorfall-2510-200760.html
-
Cybercrime group claims to have breached Red Hat’s private GitHub repositories
The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat’s private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat’s private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs often contain sensitive info, including infrastructure details,…
-
Red Hat confirms security incident after hackers claim GitHub breach
An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-claim-github-breach/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Brewing Trouble, Dissecting a macOS Malware Campaign; Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware; Prompts as Code & Embedded Keys – The Hunt for LLM-Enabled […]…
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Unofficial Postmark MCP npm silently stole users’ emails
An npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users’ email communication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/unofficial-postmark-mcp-npm-silently-stole-users-emails/
-
How GitHub Is Securing the Software Supply Chain
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain. The post How GitHub Is Securing the Software Supply Chain appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-security-npm-supply-chain/
-
Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes. This incident spotlights the new tactics phishers use to exploit trusted online platforms and reputable…