Tag: github

New PDF Tool Detects Malicious Files Using PDF Object Hashing

Oct 24, 2025 2:26 PM

Tags: business, cyber, email, github, malicious, malware, open-source, phishing, threat, tool

Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used by threat actors in phishing campaigns, malware distribution, and business email compromise attacks. PDFs have…
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters

Oct 22, 2025 5:26 AM

Tags: blockchain, ciso, control, data, defense, detection, dns, framework, github, infrastructure, malware, military, mitre, network, service, threat

At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
Self-propagating worm found in marketplaces for Visual Studio Code extensions

Oct 22, 2025 5:26 AM

Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, worm

Marketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67

Oct 19, 2025 5:07 PM

Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rust

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

Oct 17, 2025 3:07 PM

Tags: access, advisory, api, attack, authentication, cvss, defense, exploit, flaw, framework, github, guide, Internet, microsoft, risk, update, vulnerability

The CVSS confusion: Despite Dorrans’ cautious assessment of the actual risk, the 9.9 CVSS rating has caused considerable confusion among developers, with many questioning whether the vulnerability truly warrants such an extreme severity score.Dorrans addressed this directly in the GitHub discussion, explaining that Microsoft’s scoring methodology accounts for worst-case scenarios.”On its own for ASP.NET Core,”…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

Oct 14, 2025 6:23 PM

Tags: ai, data, flaw, github, theft

A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. The post CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-copilot-data-theft/
What AI Reveals About Web Applications”, and Why It Matters

Oct 14, 2025 2:23 PM

Tags: ai, api, github, login

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and…
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Oct 14, 2025 12:23 PM

Tags: banking, credentials, crypto, github, malware

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America. First seen on hackread.com Jump to article: hackread.com/astaroth-trojan-github-images-active-takedowns/
Astaroth Trojan abuses GitHub to host configs and evade takedowns

Oct 13, 2025 1:23 PM

Tags: banking, github, malware

The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to evade takedowns by pulling fresh configs from GitHub whenever C2 servers are shut down, ensuring…
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Oct 13, 2025 10:23 AM

Tags: banking, control, cybersecurity, github, infrastructure, malware

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.”Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware…
Astaroth Banking Malware Exploits GitHub for Hosting Configuration Files

Oct 13, 2025 8:23 AM

Tags: banking, control, cyber, exploit, github, infrastructure, malware, threat

McAfee’s Threat Research team recently uncovered a sophisticated new Astaroth campaign that represents a significant evolution in malware infrastructure tactics. This latest variant has abandoned traditional command-and-control (C2) server dependencies in favor of leveraging GitHub repositories to host critical malware configurations. The Astaroth banking malware has evolved beyond conventional C2 server architectures by exploiting GitHub’s…
CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

Oct 10, 2025 11:23 PM

Tags: ai, data, flaw, github, theft

A GitHub Copilot Chat bug let attackers steal private code via prompt injection. Learn how CamoLeak worked and how to defend against AI risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/github-copilot-data-theft/
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories

Oct 10, 2025 12:23 PM

Tags: control, cvss, cyber, data, data-breach, flaw, github, malicious, vulnerability

A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious…
GitHub Copilot Chat Flaw Let Private Code Leak Via Images

Oct 10, 2025 12:23 AM

Tags: ai, breach, exploit, flaw, github, intelligence, leak

Researcher Found Bug Could Exfiltrate Secrets Via Camo Images. A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding hidden prompts that hijacked the artificial intelligence assistant’s responses. The exploit also used the code hosting platform’s image proxy to leak the stolen data. First seen…
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data

Oct 9, 2025 10:24 PM

Tags: ai, attack, data, github

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data

Oct 9, 2025 10:24 PM

Tags: ai, attack, data, github

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data
GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Oct 9, 2025 7:25 AM

Tags: access, ai, api, attack, breach, data, data-breach, flaw, github, gitlab, injection, leak, malicious, risk, vulnerability

Stealing sensitive data from repositories: Mayraz then wondered: Because Copilot has access to all of a user’s code, including private repositories, would it be possible to abuse it to exfiltrate sensitive information that was never intended to be public? The short answer is yes, but it wasn’t straightforward.Copilot has the ability to display images in…
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

Oct 8, 2025 6:58 PM

Tags: github, leak, vulnerability
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

Oct 8, 2025 6:58 PM

Tags: github, leak, vulnerability
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

Oct 8, 2025 6:58 PM

Tags: github, leak, vulnerability
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

Oct 8, 2025 6:58 PM

Tags: github, leak, vulnerability
New ‘Fully Undetectable’ Android RAT Discovered on GitHub

Oct 6, 2025 3:35 PM

Tags: android, antivirus, attack, control, cyber, detection, github, rat

Hosted at the repository “Huckel789/Android-RAT,” this fully undetectable (FUD) RAT is designed to evade antivirus detection permanently, maintain persistence in battery-optimized environments, and deliver a feature-rich command-and-control (C2C) experience entirely from a web interface. This Android RAT sets itself apart by eliminating the traditional requirement for a desktop or laptop in the attack chain. A…
Security Lessons For All From GitHub’s Hardened Package Publication For npm

Oct 2, 2025 10:41 PM

Tags: github, least-privilege

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/security-lessons-for-all-from-githubs-hardened-package-publication-for-npm/
Hackers claim to have plundered Red Hat’s GitHub repos

Oct 2, 2025 7:41 PM

Tags: access, extortion, github, group, hacker

The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitHub and have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/hackers-red-hat-github-breached-customer-data-stolen/
570 GByte Github-Daten: Red Hat meldet Sicherheitsvorfall

Oct 2, 2025 4:41 PM

Tags: github, security-incident

Die Erpressergruppe Crimson Collective ist angeblich im Besitz vertraulicher Kundendaten von Red Hat – und verlangt ein Lösegeld. First seen on golem.de Jump to article: www.golem.de/news/570-gbyte-github-daten-red-hat-meldet-sicherheitsvorfall-2510-200760.html