Dark Reading

GitHub-Hosted Malware Infects 1M Windows Users

A broad malvertising campaign used a combination of illegal streaming websites and GitHub to impact nearly 1 million Windows PCs with data-stealing malware. The campaign, identified by Microsoft, ...
Bleeping Computer

GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...

This worrying Git flaw could lead to users leaking credentials

Security researcher finds related attacks and dubbed them Clone2Leak This allowed threat actors to leak credentials through ...
Infosecurity-magazine.com

Phishing Tool GoIssue Targets Developers on GitHub

A new phishing tool named “GoIssue” has surfaced on a cybercrime forum, posing a significant threat to GitHub users and the broader software development community. This tool enables cybercriminals to ...
Hosted on MSN

GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… September has been a bad month for npm with phishing attacks on package ...
Dark Reading

OAuth Attacks Target Microsoft 365, GitHub

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...
Bleeping Computer

GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds ...