GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...
Bleeping Computer

GitHub repos bombarded by info-stealing commits masked as Dependabot

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...

Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

Someone forgot to change compromised credentials ...
The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...
Dark Reading

'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories

A newly identified threat group has weaponized GitHub repositories offering what appear to be legitimate pen-testing and other security tools to deliver malware via malicious build scripts and project ...
Dark Reading

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
CoinTelegraph

GitHub investigates unauthorized access to internal repositories

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...