Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 2
34 résultats taggé GitHub  ✕
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload https://socket.dev/blog/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload
06/05/2025 11:23:41
QRCode
archive.org
thumbnail

Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.

The Go ecosystem, valued for its simplicity, transparency, and flexibility, has exploded in popularity. With over 2 million modules available, developers rely heavily on public repositories like GitHub. However, this openness is precisely what attackers exploit.

No Central Gatekeeping: Developers freely source modules directly from GitHub repositories, trusting the naming conventions implicitly.
Prime Target for Typosquatting: Minimal namespace validation enables attackers to masquerade malicious modules as popular libraries.
Introduction: The Silent Threat#
In April 2025, we detected an attack involving three malicious Go modules which employ similar obfuscation techniques:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads. Socket’s scanners flagged the suspicious behaviors, leading us to a deeper investigation.

socket.dev EN 2025 Wipeout github Payload GO research Developers supply-chain-attack
Linux wiper malware hidden in malicious Go modules on GitHub https://www.bleepingcomputer.com/news/security/linux-wiper-malware-hidden-in-malicious-go-modules-on-github/
06/05/2025 11:21:38
QRCode
archive.org
thumbnail

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them.

Complete disk destruction
The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity.

Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute.

An analysis from supply-chain security company Socket shows that the command overwrites with zeroes every byte of data, leading to irreversible data loss and system failure.

The target is the primary storage volume, /dev/sda, that holds critical system data, user files, databases, and configurations.

“By populating the entire disk with zeros, the script completely destroys the file system structure, operating system, and all user data, rendering the system unbootable and unrecoverable” - Socket

The researchers discovered the attack in April and identified three Go modules on GitHub, that have since been removed from the platform:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy

bleepingcomputer EN 2025 Data-Wiper GitHub Golang Linux Server supply-chain-attack
Grafana security update: no customer impact from GitHub workflow vulnerability https://grafana.com/blog/2025/04/27/grafana-security-update-no-customer-impact-from-github-workflow-vulnerability/
02/05/2025 11:45:31
QRCode
archive.org
thumbnail

On April 26, an unauthorized user exploited a vulnerability with a GitHub workflow to gain unauthorized access to tokens, all of which have now been invalidated. At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information.

grafana en 2025 incident investigation vulnerability GitHub workflow unauthorized access tokens
CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action https://sysdig.com/blog/security-mechanism-bypass-in-harden-runner-github-action/
23/04/2025 08:09:24
QRCode
archive.org

The Sysdig Threat Research Team (TRT) has discovered CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the most popular GitHub Action CI/CD security tools. Exploiting this vulnerability allows an attacker to bypass Harden-Runner’s disable-sudo security mechanism, effectively evading detection within the continuous integration/continuous delivery (CI/CD) pipeline under certain conditions. To mitigate this risk, users are strongly advised to update to the latest version.

The CVE has been assigned a CVSS v3.1 base score of 6.0.

sysdig CVE-2025-32955 EN 2025 research vulnerabilty CI/CD Harden-Runner GitHub Action
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
16/03/2025 20:04:30
QRCode
archive.org
thumbnail

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake
#Computer #GitHub #InfoSec #Issue #OAuth #Phishing #Repository #Security

InfoSec Phishing GitHub Repository Computer OAuth Issue Security
DPRK IT Fraud Network Uses GitHub to Target Global Companies https://nisos.com/research/dprk-github-employment-fraud/
08/03/2025 12:04:29
QRCode
archive.org
thumbnail

DPRK IT workers exploit GitHub to pose as Asian developers, securing remote jobs to fund missile and nuclear programs.

nisos.com EN 2025 DPRK North-Korea GitHub developers jobs fake Personas
North Korean Fake IT Workers Leverage GitHub to Build Personas https://www.infosecurity-magazine.com/news/north-korean-fake-it-workers-github/?ref=metacurity.com
08/03/2025 12:02:30
QRCode
archive.org
thumbnail

Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US

infosecurity-magazine EN 2025 GitHub North-Korea Personas
Clever 'GitHub Scanner' campaign abusing repos to push malware https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/
19/09/2024 14:07:18
QRCode
archive.org
thumbnail

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new

bleepingcomputer EN 2024 GitHub Malware Phishing
Scammers advertise fake AppleCare+ service via GitHub repos https://www.malwarebytes.com/blog/scams/2024/09/scammers-advertise-fake-applecare-service-via-github-repos
14/09/2024 21:30:04
QRCode
archive.org
thumbnail

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

malwarebytes EN 2024 Scammers AppleCare+ GitHub repos
Stargazers Ghost Network https://research.checkpoint.com/2024/stargazers-ghost-network/
26/07/2024 08:23:24
QRCode
archive.org
thumbnail
  • Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts that distribute malicious links and malware and perform other actions such as starring, forking, and subscribing to malicious repositories to make them appear legitimate.
  • This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories.
  • Check Point Research is tracking the threat group behind this service as Stargazer Goblin. The group provides, operates, and maintains the Stargazers Ghost Network and distributes malware and links via their GitHub Ghost accounts.
  • The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.
  • Our latest calculations suggest that more than 3,000 active Ghost accounts are part of the network. Based on core GitHub Ghost accounts, we believe that the network began development or testing on a smaller scale for the first time around August 2022.
  • Check Point Research discovered an advertiser in Dark-Web forums that provides the exact GitHub operation. The first advertisement was published on July 8, 2023, from an account created the previous day.
  • Based on the monitored campaigns from mid-May to mid-June 2024, we estimate that Stargazer Goblin earned approximately $8,000. However, we believe that this amount is only a small fraction of what the actor made during that period. The total amount during the operations’ lifespan is estimated to be approximately $100,000.
  • Stargazers Ghost Network appears to be only one part of the grand picture, with other Ghost accounts operating on different platforms, constructing an even bigger Distribution as a Service universe.
checkpoint EN 2024 research Stargazers Ghost Network GitHub dark-web
New York Times warns freelancers of GitHub repo data breach https://www.bleepingcomputer.com/news/security/new-york-times-warns-freelancers-of-github-repo-data-breach/
16/06/2024 00:08:32
QRCode
archive.org
thumbnail

The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024.

bleepingcomputer EN 2024 Breach Data-Breach GitHub Hack The-New-York-Times
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html
25/05/2024 21:59:33
QRCode
archive.org

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.

thehackernews EN 2024 GitHub FileZilla AMOS impersonating software 1Password fake
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
16/05/2024 16:00:38
QRCode
archive.org
thumbnail

Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches

aquasec EN 2024 GitHub Repos Exposed Redhat Microsoft tokens
Over 170K users hit by poisoned Python package ruse https://www.theregister.com/2024/03/25/python_package_malware/
25/03/2024 19:08:21
QRCode
archive.org
thumbnail

Supply chain attack targeted GitHub community of Top.gg Discord server

theregister EN 2024 Top.gg GitHub Supply-chain-attack Python
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/
01/03/2024 13:23:06
QRCode
archive.org
thumbnail

GitHub keeps removing malware-laced repositories, but thousands remain.

arstechnica EN 2024 github malicious repositories attack
GitHub leak exposes Chinese offensive cyber operations – researchers https://cybernews.com/news/github-leak-exposes-chinese-cyber-ops/
19/02/2024 16:23:02
QRCode
archive.org

The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government.

Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.

cybernews EN 2024 leaked China researchers GitHub spyware I-Soon
Binance Code and Internal Passwords Exposed on GitHub for Months https://www.404media.co/binance-internal-code-and-passwords-exposed-on-github-for-months/
31/01/2024 15:35:12
QRCode
archive.org
thumbnail

A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”

404media EN 2024 Binance Code GitHub Exposed
Public SSH keys can leak your private infrastructure https://rushter.com/blog/public-ssh-keys/
30/01/2024 18:17:40
QRCode
archive.org

This article describes a minor security flaw in the SSH authentication protocol that can lead to unexpected private infrastructure disclosure. It also provides a PoC written in Python.

rushter EN 2019 SSH keys github leak
How a mistakenly published password exposed Mercedes-Benz source code https://techcrunch.com/2024/01/26/mercedez-benz-token-exposed-source-code-github/?guccounter=1
29/01/2024 07:12:21
QRCode
archive.org
thumbnail

Mercedes accidentally exposed a trove of sensitive data after a leaked security key gave “unrestricted access” to company’s source code.

techcrunch EN 2024 Mercedes exposed password Mercedes-Benz Source-Code GitHub
smith (CVE-2023-32434) https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
03/01/2024 13:50:10
QRCode
archive.org

This write-up presents an exploit for a vulnerability in the XNU kernel:

  • Assigned CVE-2023-32434.

  • Fixed in iOS 16.5.1 and macOS 13.4.1.

  • Reachable from the WebContent sandbox and might have been actively exploited.
    *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way.
    The exploit has been successfully tested on:

  • iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max)

  • macOS 13.1 and 13.4 (MacBook Air M2 2022)

  • All code snippets shown below are from xnu-8792.81.2.

Poulin-Bélanger EN 2023 exploit analysis vulnerability github macos ios CVE-2023-32434
page 1 / 2
4250 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio