News

A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious ...
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
Discovered by ReversingLabs, the campaign reflects a shift in open-source software supply chain attacks. While overall ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by ...
The threat actor commonly known as "Banana Squad" started off working with malicious Python packages and later moved to GitHub. In 2023, the group began publishing hundreds of malicious Python packages ...
GitHub has updated its security alerts feature this week to support Python projects, after previously supporting JavaScript and Ruby. The feature, which launched last November, works by analyzing ...
A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which ... Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply ...
GitHub projects have been targeted with malicious ... requirement for deepseek models" attempted to modify the models.py Python file in the Exo's code base by adding a sequence of numbers to ...