News

CSO Online8d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
Infosecurity Magazine24y
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Discovered by ReversingLabs, the campaign reflects a shift in open-source software supply chain attacks. While overall ...
Bleeping Computer6y
GitHub Security Alerts Now Support Python Projects - BleepingComputer
GitHub has updated its security alerts feature this week to support Python projects, after previously supporting JavaScript and Ruby. The feature, which launched last November, works by analyzing ...
Bleeping Computer7mon
GitHub projects targeted with malicious commits to frame researcher - BleepingComputer
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and ...
InfoWorld3mon
Thousands of open source projects at risk from hack of GitHub Actions tool - InfoWorld
App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
Threat Post4y
Cryptominers Slither into Python Projects in Supply-Chain Campaign
Cryptominers Slither into Python Projects in Supply-Chain Campaign. Author: Tara Seals. June 22, 2021 3:27 pm. ... Similar to other repositories like GitHub, npm and RubyGems, ...
Computer Weekly2y
15-year-old Python bug present in 350,000 open source projects
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...