Security News

GitHub becomes go-to platform for malware delivery across Europe
2025-05-28 04:30

Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now constantly dealing with...

Linux wiper malware hidden in malicious Go modules on GitHub
2025-05-06 09:13

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. [...]

SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
2025-04-23 05:30

By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in...

That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
2025-04-07 20:11

But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow -...

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
2025-04-04 12:28

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

GitHub expands security tools after 39 million secrets leaked in 2024
2025-04-02 18:24

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
2025-04-02 05:55

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised...

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
2025-03-24 11:35

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
2025-03-23 05:26

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...