资讯

Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Self-propagating worm fuels latest npm supply chain compromise

In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
Krebs on Security

Tag Archives: Shai-Hulud worm

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...
ZDNet

How to move your codebase into GitHub for analysis by ChatGPT Deep Research - and why you ...

A few days ago, I showed you an amazing new ChatGPT feature available to paying users. Plus, Pro, and Team tier users can now point Deep Research at an entire GitHub repo and get back analysis reports ...
TheServerSide

Want a private GitHub repository? It comes with a catch

Until now, the most compelling reason to opt into the GitHub Pro paid product was because it enabled you to create a private repository. Developers could use GitHub's free offering -- with a ...