The Hacker News

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular ...
Dark Reading

'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

A threat actor known as "Stargazer Goblin" has found a new way to leverage GitHub to distribute malware and malicious links to unsuspecting users. Instead of hosting malware on GitHub and then luring ...
Yahoo

This new phishing strategy utilizes GitHub comments to distribute malware

In a new phishing campaign detected by Cofense Intelligence, threat actors used a novel approach by leveraging trusted GitHub repositories to deliver malware. The campaign is aimed at exploiting the ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...
Hosted on MSN

Microsoft admits GitHub hosted malware that infected almost a million devices

Infosec in Brief Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.… Discovered by Microsoft Threat ...
InfoWorld

Contagious Interview attackers go ‘full stack’ to fool you

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...
CPO Magazine

North Korean Hackers Target Developers with Nearly 200 Malicious NPM Packages in “Contagious Interview” Hacking Campaign

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...