Tag: github

Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Oct 30, 2025 4:19 PM

Tags: attack, authentication, credentials, cybersecurity, github, malicious, malware, software, supply-chain

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines.The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first…
PhantomRaven attack floods npm with credential-stealing packages

Oct 29, 2025 6:27 PM

Tags: attack, authentication, credentials, github, malicious

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phantomraven-attack-floods-npm-with-credential-stealing-packages/
BlueNoroff reemerges with new campaigns for crypto theft and espionage

Oct 29, 2025 1:26 PM

Tags: attack, blockchain, credentials, crypto, espionage, github, group, jobs, lazarus, malware, social-engineering, supply-chain, theft, tool

Fake recruiters with real malware: The GhostHire operation takes a different approach, targeting Web3 developers through fake job offers and recruitment tests. Here BlueNoroff sets up fake developer tasks, often hosted on GitHub or shared via Telegram bots. “Based on historical attack cases of this campaign, we assess with medium confidence that this attack flow…
Black Duck’s product release round-up: faster fixes, smarter security

Oct 27, 2025 10:26 PM

Tags: ai, github, sbom, update

Explore the latest updates across the Black Duck portfolio”, from GitHub integrations and AI-powered fixes to faster scans, audit-ready SBOMs, and workflow automation. The post Black Duck’s product release round-up: faster fixes, smarter security appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/10/black-ducks-product-release-round-up-faster-fixes-smarter-security/
Scanning GitHub Gists for Secrets with Bring Your Own Source

Oct 27, 2025 7:26 PM

Tags: api, github, service

Developers treat GitHub Gists as a “paste everything” service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/scanning-github-gists-for-secrets-with-bring-your-own-source/
Lazarus group targets European drone makers in new espionage campaign

Oct 24, 2025 3:26 PM

Tags: attack, data, defense, detection, espionage, github, group, injection, intelligence, korea, lazarus, mitre, north-korea, software, supply-chain, theft

Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
New PDF Tool Detects Malicious Files Using PDF Object Hashing

Oct 24, 2025 2:26 PM

Tags: business, cyber, email, github, malicious, malware, open-source, phishing, threat, tool

Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used by threat actors in phishing campaigns, malware distribution, and business email compromise attacks. PDFs have…
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters

Oct 22, 2025 5:26 AM

Tags: blockchain, ciso, control, data, defense, detection, dns, framework, github, infrastructure, malware, military, mitre, network, service, threat

At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
Self-propagating worm found in marketplaces for Visual Studio Code extensions

Oct 22, 2025 5:26 AM

Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, worm

Marketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67

Oct 19, 2025 5:07 PM

Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rust

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

Oct 17, 2025 3:07 PM

Tags: access, advisory, api, attack, authentication, cvss, defense, exploit, flaw, framework, github, guide, Internet, microsoft, risk, update, vulnerability

The CVSS confusion: Despite Dorrans’ cautious assessment of the actual risk, the 9.9 CVSS rating has caused considerable confusion among developers, with many questioning whether the vulnerability truly warrants such an extreme severity score.Dorrans addressed this directly in the GitHub discussion, explaining that Microsoft’s scoring methodology accounts for worst-case scenarios.”On its own for ASP.NET Core,”…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

Oct 14, 2025 6:23 PM

Tags: ai, data, flaw, github, theft

A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. The post CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-copilot-data-theft/
What AI Reveals About Web Applications”, and Why It Matters

Oct 14, 2025 2:23 PM

Tags: ai, api, github, login

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and…
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Oct 14, 2025 12:23 PM

Tags: banking, credentials, crypto, github, malware

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America. First seen on hackread.com Jump to article: hackread.com/astaroth-trojan-github-images-active-takedowns/
Astaroth Trojan abuses GitHub to host configs and evade takedowns

Oct 13, 2025 1:23 PM

Tags: banking, github, malware

The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to evade takedowns by pulling fresh configs from GitHub whenever C2 servers are shut down, ensuring…
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Oct 13, 2025 10:23 AM

Tags: banking, control, cybersecurity, github, infrastructure, malware

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.”Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware…
Astaroth Banking Malware Exploits GitHub for Hosting Configuration Files

Oct 13, 2025 8:23 AM

Tags: banking, control, cyber, exploit, github, infrastructure, malware, threat

McAfee’s Threat Research team recently uncovered a sophisticated new Astaroth campaign that represents a significant evolution in malware infrastructure tactics. This latest variant has abandoned traditional command-and-control (C2) server dependencies in favor of leveraging GitHub repositories to host critical malware configurations. The Astaroth banking malware has evolved beyond conventional C2 server architectures by exploiting GitHub’s…
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

Oct 10, 2025 11:23 PM

Tags: ai, data, flaw, github, theft

A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/github-copilot-data-theft/
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories

Oct 10, 2025 12:23 PM

Tags: control, cvss, cyber, data, data-breach, flaw, github, malicious, vulnerability

A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious…
GitHub Copilot Chat Flaw Let Private Code Leak Via Images

Oct 10, 2025 12:23 AM

Tags: ai, breach, exploit, flaw, github, intelligence, leak

Researcher Found Bug Could Exfiltrate Secrets Via Camo Images. A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding hidden prompts that hijacked the artificial intelligence assistant’s responses. The exploit also used the code hosting platform’s image proxy to leak the stolen data. First seen…
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data

Oct 9, 2025 10:24 PM

Tags: ai, attack, data, github

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data

Oct 9, 2025 10:24 PM

Tags: ai, attack, data, github

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data
GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Oct 9, 2025 7:25 AM

Tags: access, ai, api, attack, breach, data, data-breach, flaw, github, gitlab, injection, leak, malicious, risk, vulnerability

Stealing sensitive data from repositories: Mayraz then wondered: Because Copilot has access to all of a user’s code, including private repositories, would it be possible to abuse it to exfiltrate sensitive information that was never intended to be public? The short answer is yes, but it wasn’t straightforward.Copilot has the ability to display images in…