GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code

Posted from: Click here for the full article.

留言

此網誌的熱門文章

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe