Tag: github
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Shai Hulud v2 Exploits GitHub Actions to Steal Secrets
A sophisticated supply chain attack has compromised hundreds of npm packages and exposed secrets from tens of thousands of GitHub repositories, with cybersecurity researchers now documenting how attackers weaponized GitHub Actions workflows to bootstrap one of the most aggressive worm campaigns in recent memory. On November 24, 2025, at 4:11 AM UTC, malicious versions of…
-
‘Shai-Hulud” In der neuen Version ist der Wurm noch schwerer zu entdecken, erzeugt Hintertüren für Spionage und löscht unwiederbringlich die Daten der Opfer
Tags: githubSysdig warnt vor einer neuen Version des Shai-Hulud-Wurms (auch als Sha1-Hulud bezeichnet), der am 24. November 2025 beobachtet wurde. Er verbreitet sich derzeit über verseuchte NPM-Pakete im Internet. Bislang sind über 800 Pakete betroffen, und Zugangsdaten für über 25.000 Github-Repositories wurden weitergegeben. Das Ausmaß und der Umfang der Auswirkungen auf die Opfer, die diese neue…
-
CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems
3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” the message a service returns when it encounters an unhandled error during a request contained……
-
CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems
3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” the message a service returns when it encounters an unhandled error during a request contained……
-
The Latest Shai-Hulud Malware is Faster and More Dangerous
A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-latest-shai-hulud-malware-is-faster-and-more-dangerous/
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours. First seen on cyberscoop.com Jump to article: cyberscoop.com/supply-chain-attack-shai-hulud-npm/
-
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours. First seen on cyberscoop.com Jump to article: cyberscoop.com/supply-chain-attack-shai-hulud-npm/
-
Shai-Hulud 2.0: over 14,000 secrets exposed
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens. GitGuardian identified 14,206 secrets across 487 organizations, with 2,485 still valid. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/shai-hulud-2-0-over-14000-secrets-exposed/
-
Shai-Hulud 2.0: over 14,000 secrets exposed
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens. GitGuardian identified 14,206 secrets across 487 organizations, with 2,485 still valid. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/shai-hulud-2-0-over-14000-secrets-exposed/
-
Shai-Hulud worm returns, belches secrets to 25K GitHub repos
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/shai_hulud_npm_worm/
-
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
-
Ollama Flaws Let Hackers Run Any Code Using Malicious Model Files
Critical security vulnerabilities discovered in Ollama, one of GitHub’s most popular open-source projects with over 155,000 stars, could allow attackers to execute arbitrary code on vulnerable systems. The flaws affect Ollama versions before 0.7.0, putting countless AI enthusiasts and developers who use the platform to run large language models locally at risk. Understanding the Vulnerability…
-
The hidden risks in your DevOps stack data”, and how to address them
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-hidden-risks-in-your-devops-stack-data-and-how-to-address-them/
-
From Cloud to Code: Salt Cloud Connect Now Scans GitHub
One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their…
-
Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories
API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
How to Add Passwordless Authentication to Umbraco Using MojoAuth
Add passwordless login to Umbraco using MojoAuth. Step-by-step OIDC setup, passkeys, OTP, and a full GitHub example for secure, modern authentication. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/how-to-add-passwordless-authentication-to-umbraco-using-mojoauth/
-
Rogue MCP servers can take over Cursor’s built-in browser
Defenses: Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code.Attackers are…
-
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package >>@acitons/artifact>@actions/artifact
-
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code. First seen on hackread.com Jump to article: hackread.com/fake-npm-package-downloads-github-credentials/