Nuacht

Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
Óstáilte ar MSN

Lumma Stealer malware linked as project fixes in GitHub comments

Cybercriminals have found yet another way to infect software developers with malware - through comments on GitHub projects. Whenever a developer uploads a project to GitHub, other community members ...
Bleeping Computer

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
TechCrunch

Google’s Gemini chatbot can now more easily analyze GitHub projects

Gemini, Google’s AI-powered chatbot, can now connect to GitHub — for users subscribed to the $20-per-month Gemini Advanced plan, that is. As of Wednesday, Gemini Advanced customers can directly add a ...
Arabian Post on MSN

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

Security investigators uncovered a sweeping campaign named GhostAction supply chain campaign that compromised 327 GitHub user accounts across 817 repositories on 5 September 2025. Attackers inserted ...