Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Bleeping Computer

New Gitloker attacks wipe GitHub repos in extortion scheme

Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information. These attacks are part of what looks like an ongoing campaign ...
CSO Online

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...