Cybercriminals are using fake GitHub repositories to distribute Atomic Stealer malware disguised as trusted macOS apps like LastPass, Dropbox, and Not ...
LastPass, a leader in password and identity management trusted by over 100,000 businesses worldwide, today announced the ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Bad actors are using GitHub's repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed "GPUGate" that includes new hardware-specific evasion ...
GitHub is organized such that each software project resides in its own repository. There are millions of repositories, and they all seek to attract users who might download their software or help ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
GhostAction attack stole 3,325 secrets from 327 GitHub accounts. GitGuardian helped shut it down and alerted affected projects ...
Among the compromised npm packages are those from cybersecurity experts CrowdStrike, as well as others with millions of ...