repositories

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

AndyC 20 May 2026

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP...

Read More

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

AndyC 22 April 2026

In some compromised repositories, we observed both techniques being present simultaneously (i.e., the malicious .vscode/tasks.json alongside the appended obfuscated JavaScript)....

Read More

44 Aqua Security repositories defaced after Trivy supply chain breach

44 Aqua Security repositories defaced after Trivy supply chain breach

AndyC 24 March 2026

44 Aqua Security repositories defaced after Trivy supply chain breach Pierluigi Paganini March 23, 2026 Malicious Trivy images on Docker...

Read More

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

AndyC 27 February 2026

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into...

Read More

Untrusted repositories turn Claude code into an attack vector

Untrusted repositories turn Claude code into an attack vector

AndyC 26 February 2026

Untrusted repositories turn Claude code into an attack vector Pierluigi Paganini February 25, 2026 Flaws in Anthropic’s Claude Code could...

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

BTMOB: A stealthy RAT burrowing deep into Android devices

AndyC 27 May 2026

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026 • ,...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

The quest for greater tech independence

The quest for greater tech independence

AndyC 26 May 2026

The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence...

Read More

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026