GitHub confirms nearly 4K repos breached after employee installed malicious VS Code extension
The company said that its current investigation indicates the attackers accessed only GitHub’s internal repositories.
2 min read
Cybersecurity Help is a global vulnerability intelligence provider. We monitor vulnerabilities in software from 60,000+ vendors and help customers prevent potential data breaches by addressing them proactively.
Request DemoThe company said that its current investigation indicates the attackers accessed only GitHub’s internal repositories.
2 min readWebworm has shifted from the McRat and Trochilus remote access trojans to lightweight proxy infrastructure and cloud-based C&C mechanisms.
3 min readThe intrusion chain involved attackers delivering a legitimate executable, a matching .config file, and a malicious DLL designed for sideloading into the trusted process.
3 min readThe service abused Microsoft Artifact Signing to generate short-term certificates that allowed malware to appear as legitimate software.
3 min readThe updated malware targets macOS users via fake installers for popular applications including WeChat and Miro.
2 min read