Yahoo

This new phishing strategy utilizes GitHub comments to distribute malware

In a new phishing campaign detected by Cofense Intelligence, threat actors used a novel approach by leveraging trusted GitHub repositories to deliver malware. The campaign is aimed at exploiting the ...
Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...
Dark Reading

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Hackers are using unpublished GitHub and GitLab comments to generate phishing links that appear to come from legitimate open source software (OSS) projects. The clever trick, first described by Sergei ...
The Next Web

GitHub wants you to shut up, so it added emoji reactions

There may soon be a lot less comments on GitHub, and that’s a good thing. Today, the company is introducing emoji reactions for comments, pull requests and issues — just as you find in chat services ...

Zig quits GitHub, says Microsoft's AI obsession has ruined the service

The Foundation that promotes the Zig programming language has quit GitHub due to what its leadership perceives as the code sharing site's decline.