Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...
Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Bleeping Computer

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.