-
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.
- October 06, 2025
- 05:08 PM
0
-
Red Hat confirms security incident after hackers breach GitLab instance
An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories belonging to Red Hat, with the company confirming it was a breach of one of its GitLab instances.
- October 02, 2025
- 02:15 AM
2
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Linux Foundation unveils decentralized WordPress plugin manager
A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress plugins and themes.
- June 09, 2025
- 02:07 PM
- 1
-
Kali Linux warns of update failures after losing repo signing key
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.
- April 28, 2025
- 12:37 PM
- 1
-
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.
- March 16, 2025
- 02:36 PM
- 2
-
GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials.
- February 25, 2025
- 02:45 PM
- 0
-
Gitloker attacks abuse GitHub notifications to push malicious OAuth apps
Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.
- June 10, 2024
- 06:24 PM
- 0
-
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer.
- June 08, 2024
- 01:10 PM
- 1
-
New Gitloker attacks wipe GitHub repos in extortion scheme
Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information.
- June 06, 2024
- 01:53 PM
- 1
-
Millions of Docker repos found pushing malware, phishing sites
Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021.
- April 30, 2024
- 01:32 PM
- 2
-
SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.
- September 27, 2023
- 05:48 PM
- 1
-
NPM ecosystem at risk from “Manifest Confusion” attacks
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation.
- June 28, 2023
- 10:28 AM
- 0
-
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.
- June 22, 2023
- 11:45 AM
- 0
-
Malicious Microsoft VSCode extensions steal passwords, open remote shells
Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times.
- May 17, 2023
- 12:37 PM
- 1
-
Researcher hijacks popular Packagist PHP packages to get a job
A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer stating that by hijacking these packages he hopes to get a job. And, he seems pretty confident that this would work.
- May 03, 2023
- 11:30 AM
- 1
-
Yandex denies hack, blames source code leak on former employee
A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum.
- January 26, 2023
- 09:44 AM
- 1
-
GitHub makes it easier to scan your code for vulnerabilities
GitHub introduced a new option to set up code scanning for a repository known as "default setup," designed to help developers configure it automatically with just a few clicks.
- January 09, 2023
- 02:27 PM
- 0
-
Slack's private GitHub code repositories stolen over holidays
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories.
- January 05, 2023
- 03:50 AM
- 0
-
Open-source repositories flooded by 144,000 phishing packages
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.
- December 14, 2022
- 09:00 AM
- 0
-
Auth0 warns that some source code repos may have been stolen
Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a "security event" involving some of its code repositories.
- September 28, 2022
- 02:03 PM
- 0
- 1
- 2
