资讯

Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Krebs on Security

Tag Archives: Shai-Hulud worm

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...
ZDNet

How to move your codebase into GitHub for analysis by ChatGPT Deep Research - and why you ...

A few days ago, I showed you an amazing new ChatGPT feature available to paying users. Plus, Pro, and Team tier users can now point Deep Research at an entire GitHub repo and get back analysis reports ...
TheServerSide

Want a private GitHub repository? It comes with a catch

Until now, the most compelling reason to opt into the GitHub Pro paid product was because it enabled you to create a private repository. Developers could use GitHub's free offering -- with a ...