Hosted on MSN

Kaspersky warns of malware-ridden GitHub projects: how hackers are stealing credentials

Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm Kaspersky has warned. The campaign, dubbed “GitVenom,” involves attackers ...
ZDNet

GitHub warns Java developers of new malware poisoning NetBeans projects

GitHub has issued a security alert on Thursday warning about a new malware strain that's been spreading on its site via boobytrapped Java projects. The malware, which GitHub's security team has named ...
CSOonline

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
Bleeping Computer

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar ...