At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated...
GitHub CEO Thomas Dohmke has delivered a stark warning to the global IT industry: developers who fail to embrace artificial intelligence must be prepared to leave the profession. His statement, published on the company...
In the first half of 2025, researchers observed the active exploitation of a new malware loader known as CastleLoader. Since its emergence, this tool has become a central element in the distribution infrastructure for...
GitHub has released Spark, a new service for application creation, into open access. Powered by the Claude Sonnet 4 model, Spark is available through the GitHub Copilot Pro+ subscription at a cost of $39...
Following a sweeping law enforcement operation in May—which dismantled over 2,300 domains and disrupted portions of its infrastructure—the malicious Lumma platform is once again exhibiting a resurgence in activity. Despite the significant blow, the...
In April 2025, cybersecurity experts from Cisco Talos uncovered a new threat vector: cybercriminals exploiting public repositories on GitHub to host malicious payloads used in distributing the Amadey trojan. According to researchers, the creation...
Over the weekend, an employee of the Department of Government Efficiency (DOGE), an agency under Elon Musk’s purview, inadvertently exposed a confidential key that granted direct access to over 50 of xAI’s language models....
Security researchers from GitGuardian and Synacktiv have uncovered a critical vulnerability in Laravel, the widely used PHP framework that powers hundreds of thousands of web applications. The issue stems from the leakage of the...
Cybercriminals have begun leveraging GitHub to disseminate dangerous spyware disguised as a free VPN service. The malicious campaign, uncovered by researchers at Cyfirma, masqueraded as a program called “Free VPN for PC.” Instead of...
GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed...
GShark The project is based on golang with AdminLTE to build a management system to manage the Github search results. Github API has been utilized to scrawl the related results according to keywords and...
Security researchers have uncovered multiple repositories on GitHub distributing malicious software under the guise of cracked versions of popular software. In a malicious operation dubbed “gitgub,” specialists from the German company G DATA identified...
In 2023, GitHub users inadvertently disclosed approximately 12.8 million credentials and other confidential secrets across more than 3 million public repositories. Cybersecurity experts at GitGuardian, upon investigating this issue, dispatched 1.8 million cautionary emails...
Cybereason has identified a new malware variant named Snake, which proliferates through Facebook messages. This Python-written infostealer is designed to pilfer confidential user data. The stolen data are transmitted across various platforms, including Discord,...
Researchers at Apiiro investigated a widespread campaign of attacks on the GitHub platform using malicious repositories. The experts identified over 100,000 counterfeit repositories, mimicking popular open-source projects to disseminate malware. The number of such...
ReversingLabs has identified two malicious modules in the widely-used NPM package registry, which utilize GitHub to store SSH keys encrypted in Base64 that had previously been pilfered from developers’ systems. The modules, named warbeast2000...
