Tag: github
-
Warning: Hackers have inserted credential-stealing code into some npm libraries
Tags: api, attack, authentication, ciso, cloud, credentials, github, google, hacker, Hardware, incident response, malware, mfa, monitoring, open-source, phishing, sans, software, supply-chain, threatMore than 40 packages affected: One of the researchers who found and flagged the hack Monday was French developer François Best, and it was also described in blogs from StepSecurity, Socket, ReversingLabs and Ox Security. These blogs contain a full list of compromised packages and indicators of compromise.Researchers at Israel-based Ox Security said there was a…
-
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow First seen on securityboulevard.com Jump to…
-
Threat Actors and Code Assistants: The Hidden Risks of Backdoor Injections
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and produce harmful code. Indirect prompt injection attacks exploit context-attachment features by contaminating public data sources with hidden instructions. When unsuspecting developers feed…
-
GitHub adds post-quantum protection for SSH access
GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/github-post-quantum-ssh-access/
-
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware.”The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites,” Fortinet FortiGuard Labs researcher Pei Han Liao said. “By using convincing language and small character First seen…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter npm debug and chalk packages compromised GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine Salt…
-
Week in review: Salesloft Drift breach investigation results, malicious GitHub Desktop installers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Salesloft Drift data breach: Investigation reveals how attackers got in The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/14/week-in-review-salesloft-drift-breach-investigation-results-malicious-github-desktop-installers/
-
How Wesco cut through the noise and reimagined risk management
Tags: ai, application-security, automation, awareness, business, conference, container, control, data, defense, detection, exploit, github, intelligence, kubernetes, microsoft, mitigation, risk, risk-management, software, strategy, threat, tool, vulnerability, zero-dayProactive defense: Real-time threat intelligence feeds allow Wesco to spot and neutralize vulnerabilities before they escalate.Improved awareness: Developers and security teams have clearer visibility into zero-day threats and can act faster.Application security posture enhancement: A “security champions program” ensures accountability doesn’t sit only with the security team but across development and executive teams, too.AI-driven risk…
-
New Malvertising Campaign Exploits GitHub Repositories to Distribute Malware
A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are injecting promotional content for a counterfeit GitHub Desktop installer into popular development and open-source projects. When users download what appears to be the genuine client, the installer quietly delivers malicious payloads in the background, compromising…
-
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs)”, ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT”, via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains a malicious executable that initiates a multi-stage attack chain designed to evade analysis,…
-
UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says
Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has targeted hundreds of technology and other companies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/unc6395-hackers-accessed-systems-via-a-github-account-salesloft-says/
-
GitHub Breach Exposed 700+ Companies in Months-Long Attack
Cybersecurity investigators say a massive supply-chain attack affecting over 700 companies began with a seemingly minor GitHub breach earlier this year. Salesloft first disclosed a security issue in the Drift application on Aug. 21, then shared more details about malicious OAuth token abuse five days later. According to an investigation by Mandiant, which is aiding…
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
GitHub Actions missbraucht
Mit der neuen Angriffskampagne “GhostAction” haben es Cyberkriminelle auf die GitHub-Lieferkette abgesehen.Sicherheitsforscher von GitGuardian haben eine neue Angriffskampagne namens ‘GhostAction” aufgedeckt, die die GitHub-Lieferkette ins Visier nimmt. Dabei manipulieren die Angreifer GitHub-Actions-Workflows, also die automatisierten Prozesse, die in einem GitHub-Repository als Reaktion auf spezifische Eventsdefiniert sind. So konnten die Cyberkriminellen laut den Forschern 3.325 Secrets…
-
GitHub Actions missbraucht
Mit der neuen Angriffskampagne “GhostAction” haben es Cyberkriminelle auf die GitHub-Lieferkette abgesehen.Sicherheitsforscher von GitGuardian haben eine neue Angriffskampagne namens ‘GhostAction” aufgedeckt, die die GitHub-Lieferkette ins Visier nimmt. Dabei manipulieren die Angreifer GitHub-Actions-Workflows, also die automatisierten Prozesse, die in einem GitHub-Repository als Reaktion auf spezifische Eventsdefiniert sind. So konnten die Cyberkriminellen laut den Forschern 3.325 Secrets…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/salesloft-github-breach-drift/
-
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers
Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. >>We … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/09/github-desktop-malvertising-it-workers/
-
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers
Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. >>We … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/09/github-desktop-malvertising-it-workers/
-
Salesloft Drift Hack Claims New Victims in Tenable, Qualys
Salesloft Says Hackers Broke Into Its GitHub Repository. Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft. First seen on govinfosecurity.com Jump to article:…
-
Salesloft Drift Hack Claims New Victims in Tenable, Qualys
Salesloft Says Hackers Broke Into Its GitHub Repository. Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft. First seen on govinfosecurity.com Jump to article:…
-
Salesloft: Hacker broke into systems in March through GitHub account
The hacker spent months performing reconnaissance activities on both Salesloft application environments as well as those for Drift, an AI chatbot company that Salesloft acquired last year. First seen on therecord.media Jump to article: therecord.media/salesloft-hacker-broke-into-github
-
Salesloft Drift security incident started with undetected GitHub access
The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment. First seen on cyberscoop.com Jump to article: cyberscoop.com/salesloft-drift-attack-root-cause-github-oauth/
-
Drift massive attack traced back to loose Salesloft GitHub account
Meanwhile the victim count grows First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/drift_breach_entry_salesloft_github/
-
Salesloft Breached via GitHub Account Compromise
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salesloft-breached-github-account-compromise
-
How huge breach started: Drift attackers gained entry via a Salesloft GitHub account
Meanwhile the victim count grows First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/drift_breach_entry_salesloft_github/