Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
InfoWorld

New AI tool targets critical hole in thousands of open source apps

The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet. Dutch and Iranian ...