A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Security researchers have uncovered a sophisticated malware-as-a-service (MaaS) operation which exploits public GitHub repositories to compromise its targets. In a blog post, Cisco Talos said the ...

A threat actor known as "Stargazer Goblin" has found a new way to leverage GitHub to distribute malware and malicious links to unsuspecting users. Instead of hosting malware on GitHub and then luring ...

Facepalm: GitHub serves as a colossal hub for software development, hosting nearly half a billion code projects created by hundreds of millions of developers worldwide. Given its extensive reach and ...

A broad malvertising campaign used a combination of illegal streaming websites and GitHub to impact nearly 1 million Windows PCs with data-stealing malware. The campaign, identified by Microsoft, ...

For the last few years, Mac users are facing a wave of fake apps on Microsoft-owned GitHub that disguise themselves as popular software, only to trick victims into handing over their passwords. The ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.