Wednesday, June 11, 2025

GitHub

Malicious Actors Exploit SoraAI’s Popularity & GitHub to Distribute Malware

Threat actors are leveraging the growing popularity of OpenAI’s Sora, a cutting-edge video generation model, to distribute malicious software. Disguised as a legitimate shortcut file named "SoraAI.lnk," this information-stealing malware...

Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User

Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address...

New Study Reveals Vulnerable Code Pattern Putting GitHub Projects at Risk of Path Traversal Attacks

A comprehensive research study has identified a widespread path traversal vulnerability (CWE-22) affecting 1,756 open-source GitHub projects, some of which are highly influential in...

Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories

A critical vulnerability in the widely-used GitHub MCP integration, boasting over 14,000 stars on GitHub, has been uncovered by Invariant Labs, posing a severe...

DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions

An alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This...

xAI API Key Leak Exposes Proprietary Language Models on GitHub

An employee at Elon Musk’s artificial intelligence firm xAI inadvertently exposed a private API key on GitHub for over two months, granting unauthorized access to...

Massive Attack: 4,800+ IPs Used to Target Git Configuration Files

A recent surge in cyber reconnaissance has put thousands of organizations at risk after GreyNoise, a global threat intelligence platform, detected an alarming spike...

CrazyHunter Hacker Group Exploits Open-Source GitHub Tools to Target Organizations

A relatively new ransomware outfit known as CrazyHunter has emerged as a significant threat, particularly targeting Taiwanese organizations. The group, which started its operations...

APT32 Turns GitHub into a Weapon Against Security Teams and Enterprise Networks

Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack...

Massive GitHub Leak: 39M API Keys & Credentials Exposed – How to Strengthen Security

Over 39 million API keys, credentials, and other sensitive secrets were exposed on GitHub in 2024, raising considerable alarm within the developer community and...

Prince Ransomware – An Automated Open-Source Ransomware Builder Freely Available on GitHub

The cybersecurity landscape has witnessed a concerning development with the emergence of "Prince Ransomware," an open-source ransomware builder that was freely accessible on GitHub...