Morocco - ITSECURITYNEWS.INFO - Top Stories - 06/Apr 12:08

Fake GitHub CI Update Steals Secrets and Tokens

An automated campaign is abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick maintainers. The campaign…

Similar articles

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

itsecuritynews.info - 02/Apr 20:36

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal...

GitHub-Backed Malware Spread via LNK Files in South Korea

itsecuritynews.info - 06/Apr 12:36

Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The...

Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels

itsecuritynews.info - 13/Apr 18:14

Cybercriminals are now weaponizing the very tools that developers and IT teams trust the most. By abusing the automated notification features built...

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

bleepingcomputer.com - 13/Apr 17:39

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a...

Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data

itsecuritynews.info - 06/Apr 14:13

A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private...

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

itsecuritynews.info - 16:09

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure. The post GitHub Actions...
