Tag: github
-
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs): ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT, via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains a malicious executable that initiates a multi-stage attack chain designed to evade analysis,…
-
UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says
Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has targeted hundreds of technology and other companies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/unc6395-hackers-accessed-systems-via-a-github-account-salesloft-says/
-
GitHub Breach Exposed 700+ Companies in Months-Long Attack
Cybersecurity investigators say a massive supply-chain attack affecting over 700 companies began with a seemingly minor GitHub breach earlier this year. Salesloft first disclosed a security issue in the Drift application on Aug. 21, then shared more details about malicious OAuth token abuse five days later. According to an investigation by Mandiant, which is aiding…
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
GitHub Actions abused
With the new attack campaign “GhostAction”, cybercriminals are targeting the GitHub supply chain. Security researchers at GitGuardian have uncovered a new attack campaign named “GhostAction” that targets the GitHub supply chain. In it, the attackers manipulate GitHub Actions workflows, that is, the automated processes defined in a GitHub repository in response to specific events. According to the researchers, the cybercriminals were thus able to … 3,325 secrets…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability
Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage. This limited financial impact reflected both the attackers’ operational carelessness and…
-
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/salesloft-github-breach-drift/
-
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers
Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. >>We … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/09/github-desktop-malvertising-it-workers/
-
Salesloft Drift Hack Claims New Victims in Tenable, Qualys
Salesloft Says Hackers Broke Into Its GitHub Repository. Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft. First seen on govinfosecurity.com Jump to article:…
-
Salesloft: Hacker broke into systems in March through GitHub account
The hacker spent months performing reconnaissance activities on both Salesloft application environments as well as those for Drift, an AI chatbot company that Salesloft acquired last year. First seen on therecord.media Jump to article: therecord.media/salesloft-hacker-broke-into-github
-
Salesloft Drift security incident started with undetected GitHub access
The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment. First seen on cyberscoop.com Jump to article: cyberscoop.com/salesloft-drift-attack-root-cause-github-oauth/
-
Drift massive attack traced back to loose Salesloft GitHub account
Meanwhile the victim count grows. First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/drift_breach_entry_salesloft_github/
-
Salesloft Breached via GitHub Account Compromise
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salesloft-breached-github-account-compromise
-
How huge breach started: Drift attackers gained entry via a Salesloft GitHub account
Meanwhile the victim count grows. First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/drift_breach_entry_salesloft_github/
-
Hackers breached Salesloft’s GitHub in March, and used stolen tokens in a mass attack
Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major…
-
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-3-325-secrets-in-ghostaction-github-supply-chain-attack/
-
Salesloft platform integration restored after probe reveals monthslong GitHub account compromise
An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/salesloft-drift-restored-probe-github/759506/
-
Salesloft says Drift customer data thefts linked to March GitHub account hack
The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/08/salesloft-says-drift-customer-data-thefts-linked-to-march-github-account-hack/
-
Salesloft Drift integration restored after probe reveals monthslong GitHub account compromise
An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/salesloft-drift-restored-probe-github/759506/

