Tag: github
-
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine
Hackers abused fake GitHub accounts to spread the Emmenhtal, Amadey, Lumma and Redline infostealers in attacks linked to a phishing campaign targeting Ukraine in early 2025. First seen on hackread.com Jump to article: hackread.com/github-abused-amadey-lumma-redline-infostealers-ukraine/
-
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
-
AsyncRAT Spawns Concerning Labyrinth of Forks
Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/async-rat-labyrinth-forks
-
Octalyn Stealer Harvests VPN Configs, Passwords, and Cookies in Organized Folder Structure
The Octalyn Forensic Toolkit, which is openly accessible on GitHub, has been revealed as a powerful credential stealer that poses as a research tool for red teaming and digital forensics. This is a worrying development for cybersecurity. Developed with a C++-based payload module and a Delphi-built graphical user interface (GUI) builder, the toolkit lowers the…
-
AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. “AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a…
-
AsyncRAT evolves as ESET tracks its most popular malware forks
AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/15/asyncrat-forks-eset-research/
-
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. “Laravel’s APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),” GitGuardian said. “If attackers get access to this key, they can exploit a deserialization flaw to…
-
Hackers Exploit GitHub to Distribute Malware Disguised as VPN Software
CYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware masquerading as genuine software. Masquerading as “Free VPN for PC” and “Minecraft Skin Changer,” these malicious payloads are designed to trick users into downloading a dangerous malware dropper named Launch.exe. Hosted on the GitHub repository github[.]com/SAMAIOEC,…
-
GitPhish: New Tool Automates GitHub Device Code Phishing Attacks
Security researchers revealed the dangers of “GitHub Device Code Phishing”, a technique that leverages the OAuth 2.0 Device Authorization Grant flow. This method can turn a simple eight-digit code and a phone call into a full compromise of an organization’s GitHub repositories and software supply chain. Despite its simplicity, executing these attacks at scale has…
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
A sophisticated supply chain attack targeted cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community, all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed…
-
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode…
-
Researcher turns deleted commits into 25,000 US dollars
Anyone who believes that credentials accidentally committed to a GitHub repo can simply be deleted is mistaken. A researcher is collecting bug bounty rewards with exactly that. First seen on golem.de Jump to article: www.golem.de/news/github-forscher-macht-aus-geloeschten-commits-25-000-us-dollar-2507-197760.html
-
GitPhish: Open-source GitHub device code flow security assessment tool
GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/gitphish-open-source-github-device-code-flow-security-assessment-tool/
-
Searching for alternatives to the CVE program
If the CVE program were discontinued, assessing and remediating vulnerabilities would become harder. The recent brief bout of panic over the possible discontinuation of the Common Vulnerabilities and Exposures (CVE) program has made the security industry’s heavy dependence on this program plain. It led to discussions about contingency strategies, should the standardized system for identifying and cataloguing vulnerabilities no longer…
-
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-open-sources-vs-code-copilot-chat-extension-on-github/
-
LLMs are guessing login URLs, and it’s a cybersecurity time bomb
GitHub poisoning for AI training: Not all hallucinated URLs were unintentional. In unrelated research, Netcraft found evidence of attackers deliberately poisoning AI systems by seeding GitHub with malicious code repositories. “Multiple fake GitHub accounts shared a project called Moonshot-Volume-Bot, seeded across accounts with rich bios, profile images, social media accounts and credible coding activity,” researchers…
-
‘pull_request_target’: error-prone GitHub Actions setting leads to a massive security hole
First seen on security-insider.de Jump to article: www.security-insider.de/analyse-sicherheitsluecken-github-actions-a-0076b3219f13a6985986b30af281b949/
-
Beyond CVE: The hunt for other sources of vulnerability intel
Current alternatives include a range of vendor sources: independent providers of aggregated vulnerability information such as Flashpoint, VulnCheck, Tenable, BitSight and others. Many of these vendors offer curated datasets that capture vulnerabilities often missed or delayed by CVE, Lefkowitz points out. They also offer critical context such as exploitability, ransomware risk, and social risk. “To…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51
The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Ransomware Gangs Collapse as Qilin Seizes Control; Dissecting a Python Ransomware distributed through GitHub repositories; SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play; Uncovering a Tor-Enabled Docker Exploit…
-
Replacing a GitHub Personal Access Token With a GitHub Application
Follow this hands-on walkthrough to create a GitHub App, generate installation tokens, and swap fragile PATs out of your workflows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/replacing-a-github-personal-access-token-with-a-github-application/
-
Critical Convoy Flaw Allows Remote Code Execution on Servers
A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel widely used by hosting providers, enables unauthenticated attackers to execute arbitrary code on affected systems. Rated the maximum CVSS score of 10.0, this flaw exposes servers to complete compromise without requiring authentication. Vulnerability summary: according to the GitHub report, the flaw resides in…
-
OPPO Clone Phone Vulnerability Leaks Sensitive Data via Weak WiFi Hotspot
A newly disclosed security vulnerability in OPPO’s widely used Clone Phone app has raised significant concerns over user privacy, as it exposes sensitive data through a weakly secured WiFi hotspot. The flaw, cataloged as CVE-2025-27387, has been rated as high severity and was published in the National Vulnerability Database and GitHub Advisory Database within the…
-
North Korean Hackers Weaponize GitHub Infrastructure to Distribute Malware
Cybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell script posted on X, showcases an alarming abuse of legitimate platforms like GitHub and Dropbox…
-
Fake Minecraft Mods on GitHub Found Stealing Player Data
Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn. First seen on hackread.com Jump to article: hackread.com/fake-minecraft-mods-github-found-stealing-player-data/
-
New GitHub Copilot limits push AI users to pricier tiers
Welcome to bill shock, AI style First seen on theregister.com Jump to article: www.theregister.com/2025/06/20/github_begins_enforcing_premium_request/
-
Tonic Validate is now available on GitHub Marketplace!
Tonic Validate, our free, open-source library for evaluating RAG and LLM-based applications, can be run entirely as a GitHub Action. And it’s now available for quick deployment on GitHub Marketplace! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/tonic-validate-is-now-available-on-github-marketplace/
-
Tonic Validate is now on GitHub Marketplace! (Part 2)
Tonic Validate is a free, open-source library for evaluating RAG and LLM-based applications. We recently announced a new listing on GitHub Marketplace that provides a GitHub Actions template to run Tonic Validate against code changes on every commit. Today, we’re following up with an additional listing that allows you to establish integration tests each…
-
Novel Banana Squad campaign taps GitHub repos for malware distribution
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-banana-squad-campaign-taps-github-repos-for-malware-distribution
-
Hackers Post Dozens of Malicious Copycat Repos to GitHub
As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dozens-malicious-copycat-repos-github