GitHub
-
HybridPetya ransomware emerges with UEFI Secure Boot bypass, encrypts MFT and demands Bitcoin ransom
A new ransomware strain named HybridPetya has been identified by ESET, combining traits of Petya/NotPetya with a UEFI Secure Boot bypass. The threat encrypts the Master File Table on NTFS partitions via a bootkit installed on the EFI System Partition, and demands Bitcoin ransom while offering a decryption mechanism contingent on payment. Researchers warn that…
-
Malicious Go module masquerades as SSH brute-forcer, exfiltrates credentials via Telegram bot, researchers say
Security researchers have identified a malicious Go module masquerading as an SSH brute-force tool that quietly exfiltrates credentials to a threat actor via Telegram. The module, golang-random-ip-ssh-bruteforce, targets random SSH services, disables host key verification, and relays harvested data to a Telegram bot, highlighting ongoing software supply chain and credential theft risks.
-
State-sponsored XenoRAT campaign targets South Korean embassies, researchers say
A Trellix-led analysis describes a multi-phase, state-sponsored XenoRAT espionage campaign targeting South Korean embassies, with links to North Korea’s Kimsuky and indications of possible China-based sponsorship. The operation has conducted at least 19 spearphishing attacks since March, delivering XenoRAT via password-protected ZIP archives and complex, multilingual lures.
-
Malware-as-a-Service Campaign Exploits GitHub for Distribution
Cisco’s Talos security team has exposed a malware-as-a-service operation utilizing GitHub for malicious software distribution, raising concerns over cybersecurity in enterprise environments.
-
Security Flaw Exposes Hundreds of Laravel Applications to Remote Code Execution
A vulnerability affecting over 600 Laravel applications has been discovered, allowing the exploitation of leaked APP_KEYs to gain remote code execution capabilities. Cybersecurity experts emphasize the importance of immediate key rotation and continuous monitoring to prevent such security breaches.
-
New Campaign Uncovers 67 Trojanized GitHub Repositories Targeting Python Users
Cybersecurity experts have revealed a new campaign identifying 67 trojanized GitHub repositories that falsely advertise Python hacking tools, delivering malicious software instead. This campaign highlights the significant risks of using open-source repositories for developers.
-
Water Curse: A New Threat Actor Targeting GitHub to Distribute Malware
Researchers have unveiled Water Curse, a new threat actor leveraging GitHub repositories to distribute malware. The malware enables extensive data exfiltration and remote access, underscoring the risks of supply chain attacks through legitimate platforms.
-
LexisNexis Reports Data Breach Impacting Over 364,000 Individuals
LexisNexis Risk Solutions has disclosed a data breach impacting over 364,000 individuals, revealing that personal information such as names and Social Security numbers was stolen from a GitHub account. The company emphasized that no financial information was compromised and is offering two years of free identity protection to those affected.
