< ciso
brief />
Tag Banner

All news with #github tag

136 articles · page 4 of 7

GitHub Phishing Uses Fake OpenClaw Tokens to Drain Wallets

🔒 Threat actors are exploiting interest in OpenClaw with a GitHub phishing campaign that lures developers with fake 'CLAW' token airdrops promising thousands of dollars. Attackers open issues, tag developers, and redirect victims to cloned sites that prompt users to connect their crypto wallets. Researchers at OX Security found obfuscated wallet‑stealing code and a C2 server used to collect addresses and drain funds. Recommended actions include blocking the phishing domain and revoking suspicious wallet approvals.
read more →

GitHub adds AI bug detection to broaden security coverage

🛡️ GitHub is integrating AI-based scanning into Code Security to extend vulnerability detection beyond CodeQL, targeting ecosystems like Shell/Bash, Dockerfiles, Terraform, PHP and more. The hybrid model preserves CodeQL for deep semantic analysis while using AI to increase coverage in areas hard for traditional static analysis. Findings and suggested fixes appear directly in pull requests, and a public preview is expected in early Q2 2026.
read more →

GlassWorm Campaign Uses Solana Dead-Drops for RAT Operations

🔍 Cybersecurity researchers report a new GlassWorm evolution that delivers a multi-stage data theft framework and a remote access trojan (RAT) which force-installs a malicious Google Chrome extension masquerading as Google Docs Offline. The campaign gains initial access via rogue packages on npm, PyPI, GitHub and Open VSX, and resolves C2 addresses using Solana memos and public Google Calendar dead drops. A .NET component performs hardware wallet phishing when Ledger or Trezor devices are connected, while a WebSocket RAT harvests browser data, executes arbitrary JavaScript, and supports HVNC and SOCKS modules. Developers are urged to verify publishers and use scanning tools such as AFINE's glassworm-hunter.
read more →

TeamPCP Expands Supply-Chain Attacks via PyPI LiteLLM

📦 The widely used Python package LiteLLM on PyPI was found to contain credential-stealing malware in versions 1.82.7 and 1.82.8, uploaded on 24 March 2026. Security researchers report the malicious code harvested SSH keys, cloud credentials, Kubernetes secrets, database credentials, TLS keys and cryptocurrency wallets, then encrypted and exfiltrated the data to attacker infrastructure and installed persistent backdoors. Endor Labs and JFrog analysis showed the later variant executed whenever any Python process started, enabling silent background operation; version 1.82.6 is the last known clean release and organizations are urged to rotate secrets and audit systems for compromise.
read more →

TeamPCP Expands Supply-Chain Attacks on Checkmarx Actions

🔒 Two GitHub Actions maintained by Checkmarxast-github-action and kics-github-action — were compromised by the credential-stealing operation TeamPCP. The malware harvests CI and cloud credentials and exfiltrates encrypted archives named tpcp.tar.gz to a vendor-typosquat domain. Actors also create a fallback repository (docs-tpcp) using stolen GITHUB_TOKENs and have trojanized Open VSX extensions. Organizations are advised to rotate secrets, audit runner logs, and pin Actions to full commit SHAs.
read more →

Trivy Supply-Chain Attack Spreads to Docker and GitHub

🔔 The TeamPCP threat actor extended its Trivy supply‑chain attack by pushing malicious Docker images and hijacking Aqua Security's GitHub organization, tampering with multiple repositories. Security researchers and Socket identified Docker Hub images tagged 0.69.5 and 0.69.6 that lack corresponding GitHub releases and contain indicators of compromise linked to the TeamPCP Cloud stealer. Aqua said incomplete token rotation after an earlier incident allowed attackers to reuse credentials, and the company published safe Trivy releases while engaging Sygnia to investigate and remediate.
read more →

Trivy Supply Chain Attack Expands With New Images Now

🛡️ Researchers have identified additional compromised Docker images tied to the Trivy supply‑chain incident after attackers injected credential‑stealing malware into official releases and GitHub Actions. New Docker tags 0.69.5 and 0.69.6 were uploaded on March 22 without matching GitHub releases and contain IOCs linked to the TeamPCP infostealer. Aqua Security confirmed repository tampering and advised teams to treat CI/CD scans as potentially compromised while noting its commercial products appear unaffected.
read more →

Trivy Supply-Chain Breach Pushes Infostealer via GitHub

🛡️ The Trivy vulnerability scanner was compromised in a supply-chain attack that injected an infostealer into official releases and GitHub Actions. Researchers attribute the campaign to TeamPCP, which trojanized the trivy binary (v0.69.4) and replaced GitHub Action entrypoints, affecting many trivy-action tags. The malware harvested a broad range of credentials, exfiltrated data to a typosquatted C2, and deployed persistence on infected hosts. Organizations using affected versions should assume full compromise and rotate secrets immediately.
read more →

Vidar Stealer 2.0 Delivered via Fake Game Cheats on GitHub

🎮 Acronis TRU found hundreds of GitHub repositories posing as "free" game cheats that deliver the Vidar 2.0 infostealer, warning the true number of malicious repos could be in the thousands. Campaigns begin in game-focused Discord and Reddit communities and use PS2EXE-compiled PowerShell loaders to evade basic detections. Loaders add Windows Defender exclusions, fetch secondary payload URLs from Pastebin linking to GitHub-hosted binaries, and deploy a Themida-packed Vidar executable that establishes persistence via scheduled tasks. The payload then harvests credentials, tokens and files and exfiltrates them through C2 infrastructure masked by Telegram bots and Steam dead-drop resolvers.
read more →

GlassWorm Compromise Hits 400+ Repos Across Platforms

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.
read more →

North Korean Fake IT Worker Tradecraft Revealed 2026

🔍 GitLab research outlines a North Korean campaign that impersonated recruiters in the 'Contagious Interview' scheme and resulted in the banning of 131 attributed accounts. Many GitLab projects served as obfuscated loaders for malware such as BeaverTail and Ottercookie, with payloads hosted outside repositories. Operators used consumer VPNs, VPSs and laptop farms and shifted to invite-only projects, NPM dependency abuse, sandbox detection and AI-generated personas to scale fake IT worker and freelance scams.
read more →

UNC6426 Uses nx npm Supply-Chain to Gain AWS Admin Rights

🔐 Google reports that UNC6426 leveraged keys stolen in the August 2025 compromise of the nx npm package to fully breach a customer's cloud environment in under 72 hours. A trojanized postinstall executed a credential stealer named QUIETVAULT, which harvested a developer's GitHub token and other secrets. The actor abused GitHub-to-AWS OIDC trust to create an Administrator role, exfiltrated S3 data, and performed destructive actions including making internal repos public.
read more →

Critical Flaws in Four Popular VS Code Extensions Reported

⚠️ OX Security researchers disclosed multiple high-severity vulnerabilities in four widely used VS Code extensions — Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview — collectively installed more than 125 million times. The flaws can enable local-file exfiltration, arbitrary JavaScript execution, and settings-based code execution; three remain unpatched while Microsoft fixed an XSS-style issue in Live Preview in version 0.4.16 (September 2025). Researchers advise disabling or uninstalling non-essential or untrusted extensions, avoiding untrusted configurations, keeping extensions updated, and hardening local networks and firewalls.
read more →

Critical VS Code Extension Flaws Expose 128M Installs

🔒 OX Security disclosed critical and high-severity vulnerabilities in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Three CVEs were published; Microsoft privately patched Live Preview. The flaws also affected AI-powered IDEs Cursor and Windsurf, and OX Security said three maintainers did not respond to notifications. Researchers urge immediate updates, disabling unused extensions, and avoiding untrusted sites while localhost servers run.
read more →

Malicious Commands in GitHub Codespaces Enable RCE Risk

⚠️Orca Security researchers disclosed multiple attack vectors in GitHub Codespaces that can produce remote code execution simply by opening a malicious repository or pull request. By embedding commands in repository configuration files—specifically .vscode/tasks.json, .vscode/settings.json and .devcontainer/devcontainer.json—an attacker can execute code, exfiltrate tokens and access secrets without further user interaction. Microsoft confirmed the behavior is "by design" and points to trusted-repository controls to limit cross-environment impact.
read more →

ThreatsDay: Codespaces RCE, AI Cloud Escalation & Trends

🔔 This ThreatsDay bulletin assembles concise signals — from GitHub Codespaces RCE vectors to mapped AsyncRAT C2 infrastructure — that show adversaries are streamlining access and persistence. It spotlights BYOVD kernel driver abuse in ransomware playbooks, an AI-assisted cloud intrusion reaching admin in minutes, and a CISA list expanding to 59 actively exploited CVEs. Defenders should prioritize developer workflow hardening, credential rotation, and rapid patching.
read more →

Multi-Stage Phishing Targets Russia with Amnesia RAT

🔒 Fortinet researchers detailed a multi-stage phishing campaign targeting Russian organizations that delivers the Amnesia RAT and Hakuna Matata ransomware. Attackers use business-themed decoy documents and malicious LNK files that fetch staged PowerShell loaders from GitHub while binary payloads are hosted on Dropbox. The chain abuses defendnot to disable Microsoft Defender, leverages Telegram bots for telemetry and exfiltration, and assembles payloads in memory to minimize disk artifacts. Targeted recipients include HR and payroll staff, enabling credential theft, surveillance, and destructive encryption.
read more →

AWS Security Agent Adds GitHub Enterprise Cloud Support

🔒 AWS now supports connecting AWS Security Agent to GitHub Enterprise Cloud, allowing organizations to apply AI-powered security analysis to private repositories. Customers install the AWS Security Agent GitHub app with required permissions to enable automated code reviews on pull requests, use the agent during penetration testing, and optionally have the agent submit PRs with recommended fixes. This capability is available in US East (N. Virginia).
read more →

DevOps & SaaS Downtime: Hidden Costs for Cloud Firms

⚠️ Recent analysis highlights that major DevOps SaaS platforms (e.g., GitHub, Jira, Azure DevOps) experienced widespread incidents in 2024–2025, with critical outages and degraded-service hours increasing sharply year‑over‑year. The piece argues the Shared Responsibility model leaves customers ultimately accountable for their data, and that native provider backups often create single points of failure with limited restore flexibility. It recommends multi‑layered, immutable backups, cross‑restore capability, defined RTO/RPOs, and continuous recovery testing to reduce financial, operational, and compliance risk.
read more →

VS Code Forks Suggest Missing Extensions, Risk Supply Chain

⚠️ AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity and Trae were found recommending extensions that do not exist in the Open VSX registry, creating unclaimed namespaces attackers could register. Koi researcher Oren Yomtov showed that a single click on a suggested install (for example, a placeholder ms-ossdata.vscode-postgresql) can deploy a rogue package, and one placeholder received over 500 installs. Cursor and Google have released fixes, and the Eclipse Foundation removed non-official contributors and tightened registry safeguards. Developers should verify publishers before accepting IDE extension recommendations.
read more →