-
WebRAT malware spread via fake vulnerability exploits on GitHub
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities.
- December 23, 2025
- 02:31 PM
0
-
Nissan says thousands of customers exposed in Red Hat breach
Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September.
- December 22, 2025
- 04:32 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories.
- December 02, 2025
- 02:06 PM
- 0
-
The hidden risks in your DevOps stack data—and how to address them
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data.
- November 19, 2025
- 09:20 AM
- 0
-
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information.
- October 26, 2025
- 10:26 AM
- 0
-
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program.
- September 24, 2025
- 08:37 AM
- 0
-
GitHub tightens npm security with mandatory 2FA, access tokens
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently.
- September 23, 2025
- 08:05 AM
- 1
-
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories.
- September 22, 2025
- 11:36 AM
- 3
-
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware.
- September 18, 2025
- 09:09 AM
- 1
-
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys.
- September 08, 2025
- 03:53 PM
- 1
-
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August.
- September 08, 2025
- 11:43 AM
- 0
-
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked.
- September 06, 2025
- 10:11 AM
- 0
-
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.
- August 19, 2025
- 02:17 PM
- 0
-
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
- July 24, 2025
- 09:26 AM
- 1
-
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license.
- July 01, 2025
- 03:11 PM
- 0
-
Hacker targets other hackers and gamers with backdoored GitHub code
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices.
- June 04, 2025
- 06:00 AM
- 2
-
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.
- May 06, 2025
- 05:13 AM
- 0
-
Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects.
- April 03, 2025
- 10:46 AM
- 0
-
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks.
- April 02, 2025
- 02:24 PM
- 0
-
GitHub Action supply chain attack exposed secrets in 218 repos
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack.
- March 20, 2025
- 10:34 AM
- 1
