资讯

CSO Online3 小时

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Arabian Post5 小时

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

This breach exposed a critical weakness in the current CI/CD security model: the assumption that automated workflows are inherently benign. The GhostAction supply chain campaign underscores how ...

Microsoft introduces Rust repository for Windows driver development

Programming Windows drivers in Rust – Microsoft takes stock and presents a special repository with Rust tools.
Security Boulevard2 天

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
The Hacker News3 天

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
InfoWorld4 天

Chat with data the easy way in R or Python

Why write SQL queries when you can get an LLM to write the code for you? Query NFL data using querychat, a new chatbot ...
CSO Online4 天

Malicious npm packages use Ethereum blockchain for malware delivery

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub ...
XDA Developers on MSN5 天

One of the best File Explorer alternatives just got a huge wave of updates for its version ...

The Omnibar is a major design update in Files v4.0, replacing the traditional Address Bar with a brand new control that ...
How-To Geek on MSN5 天

How to Set Up Home Assistant Community Store (And Why You Should)

Home Assistant is a dizzyingly powerful smart home platform, thanks in no small part to its vast array of integrations. But ...