Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability." [...]

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

itsecuritynews.info - 01/Nov 11:34

Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private...

Fintech users under threat from malicious Telegram campaign

it-online.co.za - 01/Nov 07:59

Kaspersky’s Global Research and Analysis team (GReAT) has uncovered a malicious global campaign in which attackers used Telegram to deliver Trojan...

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

itsecuritynews.info - 04/Nov 12:33

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to distribute the SYS01 InfoStealer through ElectronJs...

Apache Lucene fixes CVE-2024-43383

thecyberthrone.in - 02/Nov 04:02

Apache Lucene.NET, an open-source search library has been discovered having a security flaw that could allow attackers to remotely execute malicious...

DPRK-linked BlueNoroff used macOS malware with novel persistence

securityaffairs.co - 07/Nov 16:16

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware....

Admins better Spring into action over latest critical open source vuln

itsecuritynews.info - 29/Oct 15:06

Patch up: The Spring framework dominates the Java ecosystem If you’re running an application built using the Spring development framework, now is a...

Russia targets Ukrainian conscripts with Windows, Android malware

bleepingcomputer.com - 28/Oct 18:36

A hybrid espionage/influence campaign conducted by the Russian threat group 'UNC5812' has been uncovered, targeting Ukrainian military recruits with...

Google fixed a critical vulnerability in Chrome browser

securityaffairs.co - 30/Oct 12:05

Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical...

New Malware Campaign Targets Windows Users Through Gaming Apps

itsecuritynews.info - 07/Nov 06:07

A new malware strain, Winos4.0, is actively used in cyberattack campaigns. Discovered by FortiGuard Labs, this advanced malicious framework, which...

Russian disinformation campaign active ahead of 2024 US election

securityaffairs.co - 04/Nov 10:07

U.S. intel says Russia made a fake video claiming Haitians voted illegally in Georgia, aiming to spread election disinformation. U.S. intel reports...

Rubriques :