Tag: github
-
Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk
First seen on hackread.com Jump to article: hackread.com/trojanized-jquery-threatens-npm-github-and-cdns/
-
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices tha… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/passkey-redaction-attacks-subvert-github-microsoft-authentication
-
Secrets Exposed: The Rise of GitHub as an Attack Vector
A Look at Chariot’s Capability to Protect On June 6, 2024, an anonymous user posted nearly 300 GB of stolen source code to 4chan. Per the user, the le… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/secrets-exposed-the-rise-of-github-as-an-attack-vector/
-
Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, ‘ip’ had its GitHub repository archived, or made read-only by its developer as a result of a dubious CVE report filed… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
-
Xeno RAT Attacking Users Via GitHub Repository And .gg Domains
Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. No… First seen on gbhackers.com Jump to article: gbhackers.com/xeno-rat-attacks-via-github-gg-domains/
-
Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns
A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Vict… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/06/13/guest-blog-proactive-application-security-learning-from-the-recent-github-extortion-campaigns
-
Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access tok… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/16/week-in-review-jetbrains-github-plugin-vulnerability-20k-fortigate-appliances-compromised/
-
New York Times Internal Data Nabbed From GitHub
The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country’s paper of record has not yet… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/new-york-times-internal-data-nabbed-from-github
-
Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP
The Cyber Express, in collaboration with Cyble Research & Intel… First seen on thecyberexpress.com Jump to article: https://thecyberexpress.com/weekly-vulnerability-report-security-flaws/
-
GitHub Repos Targeted in Cyber-Extortion Attacks
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-repos-targeted-in-cyber-extortion-attacks
-
Wave of attacks: Hacker deletes GitHub repos and demands ransom
To make contact, the attacker points to Telegram. He poses as a cyber incident analyst and claims to have created a backup… First seen on golem.de Jump to article: www.golem.de/news/angriffswelle-hacker-loescht-github-repos-und-fordert-loesegeld-2406-185827.html
-
JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens
JetBrains warned to fix a critical vulnerability in IntelliJ integrated development environment (IDE) apps that exposes GitHub access tokens. JetBrain… First seen on securityaffairs.com Jump to article: securityaffairs.com/164466/security/jetbrains-fixed-intellij-ide-flaw.html
-
New York Times warns freelancers of GitHub repo data breach
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its Gi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-york-times-warns-freelancers-of-github-repo-data-breach/
-
GitHub phishing campaign wipes repos, extorts victims
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/github-phishing-campaign-wipes-repos-extorts-victims
-
JetBrains Warns of GitHub Plugin that Exposes Access Tokens
A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious… First seen on gbhackers.com Jump to article: gbhackers.com/jetbrains-github-plugin-flaw/
-
GitHub Paid Out Over $4 Million via Bug Bounty Program
The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago. First seen on securityweek.com Jump to article: www.securityweek.com/github-paid-out-over-4-million-via-bug-bounty-program/
-
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and expo… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
-
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)
JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub acce… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/11/cve-2024-37051/
-
Proactive Application Security: Learning from the Recent GitHub Extortion Campaigns
A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Vict… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/proactive-application-security-learning-from-the-recent-github-extortion-campaigns/
-
Gitloker attacks abuse GitHub notifications to push malicious OAuth apps
Threat actors impersonate GitHub’s security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitloker-attacks-abuse-github-notifications-to-push-malicious-oauth-apps/
-
New York Times source code compromised via exposed GitHub token
The source code and data of The New York Times leaked on 4chan were stolen from the company’s GitHub repositories in January 2024. This week, VX-Un… First seen on securityaffairs.com Jump to article: securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html
-
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repos… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/
-
Google Accidentally Published Internal Search Docs To GitHub
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35958/Google-Accidentally-Published-Internal-Search-Docs-To-GitHub.html
-
Extortionists take over GitHub repositories, siphon off data and delete content
Hackers presumably obtained GitHub credentials via phishing, copied and deleted the contents of the repositories and then extorted the victims… First seen on heise.de Jump to article: www.heise.de/news/Erpresser-uebernehmen-GitHub-Repositories-greifen-Daten-ab-und-loeschen-Inhalte-9751516.html
-
8th April Threat Intelligence Report
Acuity, a federal contractor, confirmed a cyber incident where hackers accessed its GitHub repositories and stole various documents. The breach, link… First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/8th-april-threat-intelligence-report/
-
GitHub repositories compromised in ongoing Gitloker intrusions
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/github-repositories-compromised-in-ongoing-gitloker-intrusions
-
New Gitloker attacks wipe GitHub repos in extortion scheme
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/
-
GitHub Server Flaw Causes Critical Authentication Bypass
Recent developments have highlighted a critical security flaw in GitHub Enterprise Server, underscoring the importance of proactive measures to ensure… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/github-server-flaw-causes-critical-authentication-bypass/
-
The nerd way to turn off Windows Defender
First seen on golem.de Jump to article: www.golem.de/news/github-der-nerd-weg-um-den-windows-defender-abzuschalten-2405-185537.html
-
Compromising ByteDance’s Rspack using GitHub Actions Vulnerabilities
Overview Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabiliti… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/compromising-bytedances-rspack-using-github-actions-vulnerabilities/