Securing software repositories leads to better OSS security – Help Net Security

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s account and update the package with malware. Consequently, the security capabilities of public software […]


Threat Actors Increasingly Abusing GitHub for Malicious Purposes

Jan 11, 2024NewsroomCybersecurity / Software Security The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network […]


GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Sep 28, 2023THNSupply Chain / Malware A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked […]

  • 1
  • 2