< ciso brief />

All news with #github tag

112 articles · page 3 of 6

TeamPCP Expands Supply-Chain Attacks on Checkmarx Actions

🔒 Two GitHub Actions maintained by Checkmarx, ast-github-action and kics-github-action, were compromised by the credential-stealing operation TeamPCP. The malware harvests CI and cloud credentials and exfiltrates encrypted archives named tpcp.tar.gz to a vendor-typosquat domain. Actors also create a fallback repository (docs-tpcp) using stolen GITHUB_TOKENs and have trojanized Open VSX extensions. Organizations are advised to rotate secrets, audit runner logs, and pin Actions to full commit SHAs.

Trivy Supply-Chain Attack Spreads to Docker and GitHub

🔔 The TeamPCP threat actor extended its Trivy supply‑chain attack by pushing malicious Docker images and hijacking Aqua Security's GitHub organization, tampering with multiple repositories. Security researchers and Socket identified Docker Hub images tagged 0.69.5 and 0.69.6 that lack corresponding GitHub releases and contain indicators of compromise linked to the TeamPCP Cloud stealer. Aqua said incomplete token rotation after an earlier incident allowed attackers to reuse credentials, and the company published safe Trivy releases while engaging Sygnia to investigate and remediate.

Trivy Supply Chain Attack Expands With New Images Now

🛡️ Researchers have identified additional compromised Docker images tied to the Trivy supply‑chain incident after attackers injected credential‑stealing malware into official releases and GitHub Actions. New Docker tags 0.69.5 and 0.69.6 were uploaded on March 22 without matching GitHub releases and contain IOCs linked to the TeamPCP infostealer. Aqua Security confirmed repository tampering and advised teams to treat CI/CD scans as potentially compromised while noting its commercial products appear unaffected.

Trivy Supply-Chain Breach Pushes Infostealer via GitHub

🛡️ The Trivy vulnerability scanner was compromised in a supply-chain attack that injected an infostealer into official releases and GitHub Actions. Researchers attribute the campaign to TeamPCP, which trojanized the trivy binary (v0.69.4) and replaced GitHub Action entrypoints, affecting many trivy-action tags. The malware harvested a broad range of credentials, exfiltrated data to a typosquatted C2, and deployed persistence on infected hosts. Organizations using affected versions should assume full compromise and rotate secrets immediately.

Vidar Stealer 2.0 Delivered via Fake Game Cheats on GitHub

🎮 Acronis TRU found hundreds of GitHub repositories posing as "free" game cheats that deliver the Vidar 2.0 infostealer, warning the true number of malicious repos could be in the thousands. Campaigns begin in game-focused Discord and Reddit communities and use PS2EXE-compiled PowerShell loaders to evade basic detections. Loaders add Windows Defender exclusions, fetch secondary payload URLs from Pastebin linking to GitHub-hosted binaries, and deploy a Themida-packed Vidar executable that establishes persistence via scheduled tasks. The payload then harvests credentials, tokens and files and exfiltrates them through C2 infrastructure masked by Telegram bots and Steam dead-drop resolvers.

GlassWorm Compromise Hits 400+ Repos Across Platforms

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.

North Korean Fake IT Worker Tradecraft Revealed 2026

🔍 GitLab research outlines a North Korean campaign that impersonated recruiters in the 'Contagious Interview' scheme and resulted in the banning of 131 attributed accounts. Many GitLab projects served as obfuscated loaders for malware such as BeaverTail and Ottercookie, with payloads hosted outside repositories. Operators used consumer VPNs, VPSs and laptop farms and shifted to invite-only projects, NPM dependency abuse, sandbox detection and AI-generated personas to scale fake IT worker and freelance scams.

UNC6426 Uses nx npm Supply-Chain to Gain AWS Admin Rights

🔐 Google reports that UNC6426 leveraged keys stolen in the August 2025 compromise of the nx npm package to fully breach a customer's cloud environment in under 72 hours. A trojanized postinstall executed a credential stealer named QUIETVAULT, which harvested a developer's GitHub token and other secrets. The actor abused GitHub-to-AWS OIDC trust to create an Administrator role, exfiltrated S3 data, and performed destructive actions including making internal repos public.

Critical Flaws in Four Popular VS Code Extensions Reported

⚠️ OX Security researchers disclosed multiple high-severity vulnerabilities in four widely used VS Code extensions — Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview — collectively installed more than 125 million times. The flaws can enable local-file exfiltration, arbitrary JavaScript execution, and settings-based code execution; three remain unpatched while Microsoft fixed an XSS-style issue in Live Preview in version 0.4.16 (September 2025). Researchers advise disabling or uninstalling non-essential or untrusted extensions, avoiding untrusted configurations, keeping extensions updated, and hardening local networks and firewalls.

Critical VS Code Extension Flaws Expose 128M Installs

🔒 OX Security disclosed critical and high-severity vulnerabilities in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Three CVEs were published; Microsoft privately patched Live Preview. The flaws also affected AI-powered IDEs Cursor and Windsurf, and OX Security said three maintainers did not respond to notifications. Researchers urge immediate updates, disabling unused extensions, and avoiding untrusted sites while localhost servers run.

Malicious Commands in GitHub Codespaces Enable RCE Risk

⚠️ Orca Security researchers disclosed multiple attack vectors in GitHub Codespaces that can produce remote code execution simply by opening a malicious repository or pull request. By embedding commands in repository configuration files (specifically .vscode/tasks.json, .vscode/settings.json and .devcontainer/devcontainer.json), an attacker can execute code, exfiltrate tokens and access secrets without further user interaction. Microsoft confirmed the behavior is "by design" and points to trusted-repository controls to limit cross-environment impact.

ThreatsDay: Codespaces RCE, AI Cloud Escalation & Trends

🔔 This ThreatsDay bulletin assembles concise signals — from GitHub Codespaces RCE vectors to mapped AsyncRAT C2 infrastructure — that show adversaries are streamlining access and persistence. It spotlights BYOVD kernel driver abuse in ransomware playbooks, an AI-assisted cloud intrusion reaching admin in minutes, and a CISA list expanding to 59 actively exploited CVEs. Defenders should prioritize developer workflow hardening, credential rotation, and rapid patching.

Multi-Stage Phishing Targets Russia with Amnesia RAT

🔒 Fortinet researchers detailed a multi-stage phishing campaign targeting Russian organizations that delivers the Amnesia RAT and Hakuna Matata ransomware. Attackers use business-themed decoy documents and malicious LNK files that fetch staged PowerShell loaders from GitHub while binary payloads are hosted on Dropbox. The chain abuses defendnot to disable Microsoft Defender, leverages Telegram bots for telemetry and exfiltration, and assembles payloads in memory to minimize disk artifacts. Targeted recipients include HR and payroll staff, enabling credential theft, surveillance, and destructive encryption.

AWS Security Agent Adds GitHub Enterprise Cloud Support

🔒 AWS now supports connecting AWS Security Agent to GitHub Enterprise Cloud, allowing organizations to apply AI-powered security analysis to private repositories. Customers install the AWS Security Agent GitHub app with required permissions to enable automated code reviews on pull requests, use the agent during penetration testing, and optionally have the agent submit PRs with recommended fixes. This capability is available in US East (N. Virginia).

DevOps & SaaS Downtime: Hidden Costs for Cloud Firms

⚠️ Recent analysis highlights that major DevOps SaaS platforms (e.g., GitHub, Jira, Azure DevOps) experienced widespread incidents in 2024–2025, with critical outages and degraded-service hours increasing sharply year‑over‑year. The piece argues the Shared Responsibility model leaves customers ultimately accountable for their data, and that native provider backups often create single points of failure with limited restore flexibility. It recommends multi‑layered, immutable backups, cross‑restore capability, defined RTO/RPOs, and continuous recovery testing to reduce financial, operational, and compliance risk.

VS Code Forks Suggest Missing Extensions, Risk Supply Chain

⚠️ AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity and Trae were found recommending extensions that do not exist in the Open VSX registry, creating unclaimed namespaces attackers could register. Koi researcher Oren Yomtov showed that a single click on a suggested install (for example, a placeholder ms-ossdata.vscode-postgresql) can deploy a rogue package, and one placeholder received over 500 installs. Cursor and Google have released fixes, and the Eclipse Foundation removed non-official contributors and tightened registry safeguards. Developers should verify publishers before accepting IDE extension recommendations.

Forked VSCode IDEs Expose Developers to Namespace Hijack

⚠ Forked IDEs based on Microsoft VSCode (such as Cursor, Windsurf, Google Antigravity and Trae) retain hardcoded extension recommendations that point to Microsoft's Visual Studio Marketplace. Because these forks use OpenVSX instead, several recommended publisher namespaces were unclaimed, enabling attackers to register them and publish malicious extensions. Supply-chain researchers at Koi claimed affected namespaces and uploaded inert placeholders while coordinating with the Eclipse Foundation to secure the registry.

Webrat Lures Researchers with Fake GitHub Exploit PoCs

🐀 Attackers are hosting counterfeit proof-of-concept exploit repositories on GitHub to deliver the Webrat backdoor to unsuspecting users. Kaspersky analysts observed polished, likely machine-generated README files that mask a password-protected ZIP; the archive password is hidden in filenames and often missed. Inside are decoy DLLs, batch loaders and executables (e.g., rasmanesc.exe) that disable Windows Defender, escalate privileges, and fetch the real payload from hardcoded C2 servers. The campaign, active since at least September 2025, appears tuned to catch novice researchers and students who analyze PoCs outside isolated environments.

WebRAT Distributed via Fake PoC Exploits on GitHub

🛡️ Kaspersky researchers found the WebRAT backdoor being distributed through GitHub repositories that posed as proof‑of‑concept exploits for recently disclosed vulnerabilities. The malicious packages were delivered as password‑protected ZIPs containing a corrupted decoy DLL, a batch script, and a main dropper named rasmanesc.exe that elevates privileges, disables Defender, and downloads WebRAT. All identified repositories have been removed, but developers are urged to verify PoC sources and test untrusted code in isolated environments.

Leaked Home Depot GitHub Token Exposed Internal Systems

🔓 A security researcher reported that a Home Depot employee accidentally published a private GitHub access token in early 2024, which granted access to private repositories and cloud infrastructure. When tested, the token allowed write permissions to Home Depot repos and access to order fulfillment and inventory systems. The researcher said multiple disclosure emails went unanswered; the token was removed after TechCrunch contacted the company.