GIGAZINE

GitHubに数百万件もの「悪意のあるコードを埋め込んだ既存 ...

GitHubは世界最大級のソフトウェア開発プラットフォームであり、メジャーなものからニッチなものまで多種多様なリポジトリが公開されています。ところが、GitHubでは2023年半ばから大規模な「repo confusion(リポジトリかく乱攻撃)」キャンペーンが行われて ...
TechCrunch

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands ...
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...
TechRadar

GitHub repositories are being attacked and wiped in new extortion scam

GitHub users are falling victim to an ongoing extortion campaign that threatens to delete their data for good. Cybersecurity researchers from CronUp have warned of a threat actor with the alias ...
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...
TechRadar

Dangerous WebRAT malware now being spread by GitHub repositories

Kaspersky finds 15 malicious GitHub repositories posing as proof‑of‑concept exploits, some crafted with Gen AI Victims receive a ZIP with decoys and a dropper (rasmanesc.exe) that installs WebRAT ...