GitHub

Oversharing is not caring: What’s at stake if your employees post too much online

AndyC 2 December 2025

Social Media From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting...

CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

AndyC 15 October 2025

Image: przemekklos/Envato A critical vulnerability in GitHub Copilot Chat (CVSS 9.6) allowed attackers to siphon secrets and source code from...

Astaroth Trojan abuses GitHub to host configs and evade takedowns

AndyC 14 October 2025

Astaroth Trojan abuses GitHub to host configs and evade takedowns Pierluigi Paganini October 13, 2025 The Astaroth banking Trojan uses...

UK government still wants Apple to break data encryption

Cybercrime group claims to have breached Red Hat ‘s private GitHub repositories

AndyC 3 October 2025

Cybercrime group claims to have breached Red Hat ‘s private GitHub repositories Pierluigi Paganini October 02, 2025 The cybercrime group...

Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware

AndyC 25 September 2025

Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went...

Beware: GitHub repos distributing Atomic Infostealer on macOS

AndyC 22 September 2025

Beware: GitHub repos distributing Atomic Infostealer on macOS Pierluigi Paganini September 22, 2025 LastPass warns macOS users of fake GitHub...

Self-Replicating Worm Hits 180+ Software Packages

AndyC 17 September 2025

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that...

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

AndyC 9 September 2025

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack Pierluigi Paganini September 08, 2025...

PsyOps of Phishing: A Wolf in Shepherd’s Clothing

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

AndyC 2 May 2025

An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months...

Creating a Large Text File Viewer by Vibe Coding with Visual Studio Code, Cline, OpenRouter, and Claude 3.7

Development of a Extensive Document File Viewer through Creative Programming in Visual Studio Code, Cline, OpenRouter, and Claude 3.7

AndyC 24 April 2025

A fresh Windows 10/11 software utilizing AI has been successfully developed. This project is a sequel to the SquareCap application...

DOGE Worker’s Code Supports NLRB Whistleblower

DOGE Worker’s Ethical Guidelines Backs NLRB Informant

AndyC 24 April 2025

An informer at the National Labor Relations Board (NLRB) claimed recently that inhabitants of Elon Musk’s Office of Government Efficiency...

Whistleblower: DOGE Siphoned NLRB Case Data

Informant: DOGE Drained NLRB Case Data

AndyC 24 April 2025

An expert in security working at the National Labor Relations Board (NLRB) is asserting that personnel from the Department of...

Hacking

A Supply Chain Assault on Coinbase with GitHub Actions; Leaked CI/CD Secrets from 218 Repositories

AndyC 23 March 2025

The GitHub Action "tj-actions/changed-files" was at the center of the supply chain breach, commencing as a precise strike against one...

Hacking

Security Breach in GitHub Action Exposes CI/CD Credentials in More Than 23,000 Repositories

AndyC 18 March 2025

Security experts have highlighted an event where the widely used GitHub Action tj-actions/changed-files was infiltrated leading to the exposure of...

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution

AI-Supported False GitHub Repositories Boost SmartLoader and LummaStealer Distribution

AndyC 12 March 2025

Malicious actors can deploy malware via GitHub for conducting highly damaging assaults, particularly when paired with advanced threats like Lumma...

GitHub

CamoLeak: GitHub Copilot Flaw Allowed Silent Data Theft

Astaroth Trojan abuses GitHub to host configs and evade takedowns

Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware

Beware: GitHub repos distributing Atomic Infostealer on macOS

Self-Replicating Worm Hits 180+ Software Packages

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Development of a Extensive Document File Viewer through Creative Programming in Visual Studio Code, Cline, OpenRouter, and Claude 3.7

DOGE Worker’s Ethical Guidelines Backs NLRB Informant

Informant: DOGE Drained NLRB Case Data

A Supply Chain Assault on Coinbase with GitHub Actions; Leaked CI/CD Secrets from 218 Repositories

Security Breach in GitHub Action Exposes CI/CD Credentials in More Than 23,000 Repositories

AI-Supported False GitHub Repositories Boost SmartLoader and LummaStealer Distribution

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

The Power of Large Language Models for Cybersecurity

Self-Harm Prevention Kit Guide for Schools: Identifying Risks and Protecting Students

How To Spot Health Insurance Scams This Open Enrollment Season

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed