Tag: github
-
Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam
OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets. First seen on hackread.com Jump to article: hackread.com/fake-openclaw-token-github-devs-wallet-drainer-scam/
-
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
A large-scale malware operation is abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-assisted lures ranging from OpenClaw deployment tools to game cheats, Roblox scripts, crypto bots, VPN crackers, and…
-
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
Tags: attack, cyber, github, malicious, open-source, risk, software, supply-chain, threat, vulnerability
A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the incident highlights the severe risks of using mutable version tags in deployment automation. The attack…
-
Identity Attack Path Management: SpecterOps Expands Its Offering to Okta, GitHub and Mac
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/identity-attack-path-management-specterops
-
DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses
Cybersecurity researchers say the GitHub leak threatens to “democratize” iPhone exploits that were once reserved for nation-states, potentially putting hundreds of millions of iOS 18 devices at risk. First seen on cyberscoop.com Jump to article: cyberscoop.com/darksword-iphone-spyware-leak-ios-18-exploit-threat/
-
GitHub ‘OpenClaw Deployer’ Repo Delivers Trojan Instead
An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-openclaw-deployer-repo-delivers-trojan
-
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/
-
GitHub-hosted malware campaign uses split payload to evade detection
A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/github-malware-split-payload/
-
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below: checkmarx/ast-github-action and checkmarx/kics-github-action. Cloud security… First seen on thehackernews.com Jump to article:…
-
Exploit Kit Published: Leak on GitHub Endangers Millions of iPhones
A new version of the Darksword exploit kit has surfaced on GitHub. It allows numerous iPhones to be infiltrated with just one click. First seen on golem.de Jump to article: www.golem.de/news/exploit-kit-veroeffentlicht-leak-auf-github-gefaehrdet-millionen-von-iphones-2603-206852.html
-
GitHub just made it much harder to ship a vulnerable pull request
GitHub is expanding its application security capabilities with AI-powered security detections designed to identify risks earlier in the development process, with public … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/github-ai-powered-detections-code-scanning/
-
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Leaked “DarkSword” exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
-
Trivy supply-chain attack spreads to Docker, GitHub repos
The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-supply-chain-attack-spreads-to-docker-github-repos/
-
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerability
A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow First seen…
-
Specterops Expands Its Attack Path Management for Identities to Okta, Github and Mac
Specterops, developer of Bloodhound and a leading provider of Identity Attack Path Management (APM), is extending its solution with support for Okta, Github and Mac environments. With the new Opengraph extensions in Bloodhound Enterprise, identity and security teams can identify and close cross-platform attack paths in a targeted way. In addition, privileged access zones protect critical company assets such as code repositories and sensitive customer data. Specterops presents…
-
SpecterOps Expands Identity Attack Path Management to Okta, GitHub and Mac
SpecterOps develops and maintains widely used open-source security tools, first and foremost BloodHound, the tool for effective Identity Attack Path Management. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/specterops-erweitert-identity-attack-path-management-auf-okta-github-und-mac/a44204/
-
How AI Code Assistants Change Application Security
TL;DR AI code assistants accelerate development velocity, with 46% of code now completed by tools like GitHub Copilot. This speed creates a security challenge: vulnerabilities reach production faster than traditional scanning can catch them. The solution is to adapt security approaches to match development velocity through runtime visibility that monitors application behavior, regardless…
-
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contained multiple malicious releases that executed a GitHub-hosted downloader and fetched a second-stage payload from…
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windows
Introduction: In December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos
ForceMemo is an active software supply-chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force-pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen-token ecosystem and uses the Solana blockchain as a resilient command-and-control (C2) channel, making detection and takedown significantly harder. The attacker targets a wide range of…

