Security News

GitVenom attacks abuse hundreds of GitHub repos to steal crypto
2025-02-25 19:45

A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and...

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
2025-02-25 10:13

Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign,...

Major GitHub outage affects pull requests and other services
2025-01-30 15:06

​GitHub is mitigating an ongoing incident causing problems with multiple services, including performing pull requests, creating or viewing issues, and even viewing repositories and commits. [...]

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
2025-01-27 14:17

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access...

GitHub CISO on security strategy and collaborating with the open-source community
2025-01-13 05:00

In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it...

Fake LDAPNightmware exploit on GitHub spreads infostealer malware
2025-01-11 15:21

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...]

Over 3.1 million fake "stars" on GitHub projects used to boost rankings
2024-12-31 15:13

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting...

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
2024-12-13 20:00

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000...

GitHub Secure Open Source Fund: Project maintainers, apply now!
2024-11-20 13:38

GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their...

GitHub projects targeted with malicious commits to frame researcher
2024-11-16 15:30

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and...