Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...

After major attack: Package manager NPM cuts old security ties

First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the ...
CoinTelegraph

Hackers are making fake GitHub projects to steal crypto: Kaspersky

Kaspersky found that at least one victim lost 5 Bitcoin, worth around $442,000, to a malware-riddled fake project in November. Hackers are creating hundreds of fake GitHub projects aiming to dupe ...
TechCrunch

Google’s Gemini chatbot can now more easily analyze GitHub projects

Gemini, Google’s AI-powered chatbot, can now connect to GitHub — for users subscribed to the $20-per-month Gemini Advanced plan, that is. As of Wednesday, Gemini Advanced customers can directly add a ...