InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
Bleeping Computer

LofyGang hackers built a credential-stealing enterprise on Discord, NPM

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub. Researchers ...
Newsweek

GitHub ‘Actively Encourages’ Hacking, Suit Filed Against Company After Capital One Hack Says

Lawfirm Tycko & Zavareei LLP has filed a class-action lawsuit against source-code hosting site GitHub for its link to a massive Capital One hack, alleging the company is guilty of negligence, ...
Dark Reading

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to steal credit card data, and gaming and streaming accounts, before spreading stolen ...
ZDNet

Hacker gains access to a small number of Microsoft's private GitHub repos

A hacker has gained access to a Microsoft employee's GitHub account and has downloaded some of the company's private GitHub repositories. The intrusion is believed to have taken place in March, and ...