GitHub
WebRAT malware spread via fake vulnerability exploits on GitHub
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software and cheats for games like Roblox, Counter Strike, and Rust, WebRAT is a backdoor with info-stealing capabilities that emerged at the beginning of the year. According to a report from Solar 4RAYS in May, […]
Nissan says thousands of customers exposed in Red Hat breach
Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. The Japanese multinational automobile manufacturer headquartered in Yokohama, Japan, produces more than 3.2 million cars a year. The company employs 120,000 people and has a strong presence in Japan, North […]
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. Although just about 10,000 of the exposed secrets were verified as valid by the open-source TruffleHog scanning tool, researchers at cloud security platform Wiz say that […]
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking […]
Red Hat confirms security incident after hackers claim GitHub breach
An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. A CER is a consulting document prepared for […]
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds and mentors projects in their early stages, and connects founders with a network of alumni and venture capital firms. The attacker abused GitHub’s notification system to […]
GitHub tightens npm security with mandatory 2FA, access tokens
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. Notable cyberattacks that started from compromising GitHub repositories and then spread to NPM include the “s1ngularity” attack in late August, the “GhostAction” campaign in early September, and the worm-style campaign dubbed “Shai-Hulud” from last week. The […]
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. The fake apps deliver the Atomic (AMOS) info-stealing malware in ClickFix attacks, and are promoted through search engine optimization (SEO) tactics on Google and Bing. AMOS is a malware-as-a-service operation available for $1,000/month that typically […]
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn’t abuse them to publish malware. These tokens are used to publish packages on the Python Package Index (PyPI), a software repository that acts as the default source for Python’s […]
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages […]