Researchers at Apiiro investigated a widespread campaign of attacks on the GitHub platform using malicious repositories. The experts identified over 100,000 counterfeit repositories, mimicking popular open-source projects to disseminate malware. The number of such...
ReversingLabs has identified two malicious modules in the widely-used NPM package registry, which utilize GitHub to store SSH keys encrypted in Base64 that had previously been pilfered from developers’ systems. The modules, named warbeast2000...
Recently, GitHub rectified a vulnerability, CVE-2024-0200, in its Enterprise Server. This flaw, associated with Unsafe Reflection, permitted malefactors to execute remote code on unprotected servers. It granted access to the environment variables of production...
GitHub recently released its updated community guidelines, explaining how the company will deal with vulnerabilities and malware samples hosted on its services. Security researcher Nguyen Jang uploaded a proof-of-concept (PoC) to GitHub in March,...
