Tag: github
-
More than a hundred backdoored malware repos traced to single GitHub user
Someone went to great lengths to prey on the next generation of cybercrooks First seen on theregister.com Jump to article: www.theregister.com/2025/06/05/backdoored_malware_repos/
-
Backdoor im Code: Hacker trickst Scriptkiddies mit Fake-Trojaner aus
Wer auf Github nach Open-Source-Trojanern sucht, sollte Vorsicht walten lassen. Nicht selten enthalten die Projekte eine gefährliche Backdoor. First seen on golem.de Jump to article: www.golem.de/news/backdoor-im-code-hacker-trickst-scriptkiddies-mit-fake-trojaner-aus-2506-196875.html
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Hacker targets other hackers and gamers with backdoored GitHub code
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/
-
Widespread Campaign Targets Cybercriminals and Gamers
Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/campaign-targets-cybercriminals/
-
‘Deliberate attack’ deletes shopping app’s AWS and GitHub resources
CEO of India’s KiranaPro, which brings convenience stores online, vows to name the perp First seen on theregister.com Jump to article: www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/
-
Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads
A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to enhance large language models (LLMs). This incident underscores the growing risks associated with internet-exposed AI tools, as attackers leveraged administrative access on a vulnerable system to inject malicious AI-generated Python…
-
Frequently Asked Questions About BadSuccessor
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller. Background Tenable’s Research Special Operations (RSO) and the Identity Content team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed zero-day in Active Directory called BadSuccessor. FAQ…
-
Cryptojacking Campaign Exploits DevOps APIs Using OffShelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and…
-
Visual Studio 2022 v17.14: New Agent Mode and Copilot Features
Tags: githubThe powerful enhancements in Visual Studio 2022 v17.14, including GitHub Copilot’s new agent mode to boost developer productivity. Learn more! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/visual-studio-2022-v17-14-new-agent-mode-and-copilot-features/
-
Microsoft Open Sources GitHub Copilot: A New Era for AI Coding
Microsoft opens the GitHub Copilot Chat extension under the MIT license, revolutionizing AI coding tools. Learn more about this game-changing move! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/microsoft-open-sources-github-copilot-a-new-era-for-ai-coding/
-
Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
A high-severity security vulnerability has been identified in the Realtek Bluetooth Host Controller Interface (HCI) Adaptor, raising significant concerns for device manufacturers and end-users. The flaw, tracked as CVE-2024-11857, was disclosed on June 2, 2025, and published in both the National Vulnerability Database (NVD) and the GitHub Advisory Database within hours of its discovery. This…
-
New Study Reveals Vulnerable Code Pattern Putting GitHub Projects at Risk of Path Traversal Attacks
A comprehensive research study has identified a widespread path traversal vulnerability (CWE-22) affecting 1,756 open-source GitHub projects, some of which are highly influential in the software ecosystem. The vulnerability, present in a commonly used Node.js code pattern for creating static HTTP file servers, enables attackers to access files outside of restricted locations, potentially compromising confidentiality…
-
New Relic Enhances Software Reliability with GitHub Copilot Integration
New Relic’s integration with GitHub Copilot to boost productivity and enhance software reliability. Discover more now! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/new-relic-enhances-software-reliability-with-github-copilot-integration/
-
LexisNexis Risk Solutions says 364,000 impacted by breach involving GitHub data
The company said data held in GitHub pertaining to LexisNexis Risk Solutions had been acquired by an unknown third party. First seen on therecord.media Jump to article: therecord.media/lexis-nexis-breach-hundreds-thousands
-
MCP Server: Github-Tool ermöglicht Datenklau aus privaten Code-Repos
Forscher haben einen Angriff demonstriert, mit dem sich über den offiziellen Github MCP Server Code und Daten aus privaten Repos ausleiten lassen. First seen on golem.de Jump to article: www.golem.de/news/mcp-server-github-tool-ermoeglicht-datenklau-aus-privaten-code-repos-2505-196651.html
-
GitHub becomes go-to platform for malware delivery across Europe
Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/28/attackers-phishing-method-europe/
-
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal. First seen on hackread.com Jump to article: hackread.com/silverrat-source-code-leaked-online-you-need-to-know/
-
ChatGPT Deep Research Now Integrates with Dropbox and OneDrive to Retrieve Data
ChatGPT has rolled out a beta feature called Deep Research Connectors, designed to integrate seamlessly with third-party applications such as Dropbox, Microsoft OneDrive, GitHub, Microsoft SharePoint, and Box. Announced this week, this feature enables users to access and analyze live data from these platforms directly within ChatGPT’s interface, eliminating the need to toggle between multiple…
-
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
Tags: application-security, attack, detection, exploit, firewall, github, open-source, waf, zero-dayFrom zero-day exploits to large-scale bot attacks, the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater.SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base.This walkthrough covers what SafeLine is, how it works, and…
-
GitHub’s AI Assistant Opened Devs to Code Theft
Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-ai-assistant-opened-devs-to-code-theft
-
GitHub package limit put law firm in security bind
The most dangerous time for enterprise security? One month after an acquisitionNearly 10% of employee genAI prompts include sensitive dataThe SolarWinds $4.4 billion acquisition gives CISOs what they least want: Uncertainty> First seen on csoonline.com Jump to article: www.csoonline.com/article/3991286/github-package-limit-put-law-firm-in-security-bind.html
-
GitHub Copilot’s New AI Coding Agent Saves Developers Time And Requires Their Oversight
GitHub has launched a powerful AI coding agent in Copilot that writes code, fixes bugs, and opens pull requests. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-copilot-ai-coding-agent/
-
The Windows Subsystem for Linux goes open source
Microsoft has officially open-sourced the Windows Subsystem for Linux (WSL), closing the very first issue ever filed on the Microsoft/WSL GitHub repository: “Will this be open … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/20/microsoft-wsl-open-sourced/
-
New GitHub Copilot agent edges into DevOps
Tags: githubThe GitHub Copilot coding agent can take on toilsome tasks such as bug fixes and code reviews with its own GitHub Actions pull requests. First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366623845/New-GitHub-Copilot-agent-edges-into-DevOps
-
Microsoft open-sources Windows Subsystem for Linux at Build 2025
Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-open-sources-windows-subsystem-for-linux-at-build-2025/
-
Curl-Entwickler warnt: Unicode-Trick gefährdet Softwareprojekte auf Github
Tags: githubDie wenigsten Entwickler dürften die Unterschiede zwischen bestimmten Unicode-Zeichen zuverlässig erkennen. Gerade auf Github ist das ein Problem. First seen on golem.de Jump to article: www.golem.de/news/curl-entwickler-warnt-unicode-trick-gefaehrdet-softwareprojekte-auf-github-2505-196314.html
-
Xanthorox Emerging BlackHat AI Tool Empowering Hackers in Phishing and Malware Campaigns
Tags: ai, conference, crypto, cyber, cybercrime, cybersecurity, dark-web, github, hacker, intelligence, malware, phishing, toolArtificial intelligence platform named Xanthorox has emerged as a potent new tool for cybercriminals, enabling the automated generation of phishing campaigns, malware, and hyperrealistic deepfakes. Unlike traditional dark-web tools restricted to hidden forums, Xanthorox’s developer openly advertises its capabilities on public platforms like GitHub, YouTube, and Telegram while accepting cryptocurrency payments for access. Cybersecurity experts…
-
BSidesLV24 GroundFloor Detection Engineering Demystified: Building Custom Detections For GitHub Enterprise
Author/Presenter: David French Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-groundfloor-detection-engineering-demystified-building-custom-detections-for-github-enterprise/