GitHub
-
Malicious npm package used GitHub uploads to steal files from AI workspace
A malicious npm package was found stealing files from Claude’s workspace directory by using GitHub uploads during installation. Researchers said the package hid the theft behind fake sync and network logs.
-
CrowdStrike and partners disrupt GlassWorm malware command channels
CrowdStrike said it and partners disrupted all command and control channels used by GlassWorm, a developer-targeting malware campaign that poisoned more than 300 GitHub repositories and used four separate infrastructure layers.
-
GitHub investigates claim of internal repository theft after TeamPCP listing
GitHub said it is investigating unauthorized access to internal repositories after TeamPCP claimed it was selling source code and internal data. The company said it has no evidence of customer impact outside internal repositories.
-
CISA left GitHub repo with passwords and keys exposed for six months
CISA left a public GitHub repository exposed for six months, revealing passwords, keys and tokens in production infrastructure files. GitGuardian found the leak on May 14 and the agency removed the repo the next day.
-
Compromised Nx Console VS Code extension targeted developers in supply chain breach
A compromised Nx Console VS Code extension spread credential-stealing malware to developers after being published on the Microsoft marketplace. The incident affected more than 2.2 million installations and prompted update and credential-rotation warnings.
-
Grafana says GitHub token breach let intruder download codebase
Grafana said a stolen token let an unauthorized party access its GitHub environment and download code. The company said no customer data was exposed and that the attacker later tried to extort payment.
-
Checkmarx says LAPSUS$ leaked data from stolen GitHub repository
Checkmarx said LAPSUS$ leaked 96GB of data stolen from its private GitHub repository after a March 23 compromise linked to a supply chain attack. The company said it has not found customer information so far.
-
Cisco Talos warns attackers are abusing GitHub and Jira notifications for phishing
Cisco Talos says attackers are abusing GitHub and Jira notification systems to send phishing emails that pass standard authentication checks and may look trusted to corporate users.
-
DPRK-linked hackers use GitHub as command hub in South Korea attacks
DPRK-linked hackers used GitHub as command and control infrastructure in attacks on South Korean organizations, Fortinet said. The campaigns relied on LNK files, PowerShell, persistence tasks and trusted cloud services to hide activity.
-
Researchers track fake installer campaign tied to cryptominers and RATs
A fake-installer campaign tracked as REF1695 has spread RATs and cryptominers since November 2023, with researchers estimating at least 27.88 XMR in proceeds. The operation also used ISO lures, Defender evasion and GitHub-hosted payloads.
