SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Hosted on MSN

Hackers target South American crypto users on GitHub with credential stealing Trojan

Hackers are now stealing crypto credentials on GitHub with a banking Trojan called Astaroth. The development was revealed after research by cybersecurity firm McAfee. The outfit claimed that the ...
Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...

Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos

Infoseccers at Google acquisition target Wiz think they've found the root cause of the GitHub supply chain attack that ...
Infosecurity-magazine.com

Malicious Ads Target Freelance Developers via GitHub

A new malware campaign targeting freelance developers has been using deceptive job advertisements to trick them into downloading malicious software disguised as legitimate tools. The campaign ...