Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

GitHub

20 articles

The Hacker News General GitHub NEW 3h ago

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to s...

T1041

The Hacker News →

Security Affairs Campaigns GitHub 10h ago

222 GitHub Repositories Linked to Fake Go Package Malware Operation

Researchers uncovered 222 GitHub repositories spreading malware through fake Go packages, delivering loaders, stealers, RATs, and cryptominers. Socket’s secu...

Security Affairs →

BleepingComputer General GitHub 1d ago

Injective SDK on npm infected with cryptocurrency wallet stealer

Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stol...

BleepingComputer →

The Hacker News General GitHub 1d ago

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and use...

The Hacker News →

Help Net Security General GitHub 1d ago

Your coding agent says no in chat and yes in the code

Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and re...

Help Net Security →

GBHackers General GitHub 1d ago

GitHub Copilot IDE Coding Agents Vulnerable to Workflow-Level Jailbreak Attacks

GitHub Copilot’s new coding agents, which are integrated into IDEs, are susceptible to a specific type of “workflow-level” jailbreak attacks. These attacks c...

GBHackers →

Help Net Security General GitHub 1d ago

Open-source collaboration is growing worldwide and putting pressure on maintainers

Developers are pushing code and opening pull requests across economy borders at a rate GitHub has rarely seen. Outbound collaboration, the sum of git pushes ...

Help Net Security →

CSO Online Supply Chain GitHub 1d ago

GitHub’s public APIs are becoming an enterprise reconnaissance tool

GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things t...

T1195 T1592 T1598

CSO Online →

GBHackers General GitHub 2d ago

Attackers Can Generate Duplicate Verified GitHub Commits Using Signature Malleability

Attackers can silently clone “Verified” GitHub commits by abusing signature malleability in Git’s commit-signing formats, creating byte‑different commits wit...

GBHackers →

CSO Online Vulnerability Disclosure GitHub 2d ago

GitHub AI agent leaks private repositories via prompt injection attack

A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing...

CSO Online →

The Hacker News General GitHub 2d ago

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, s...

The Hacker News →

SC Media General GitHub 2d ago

‘GitLost’ prompt injection leaks private repos via GitHub Agentic Workflows

An issue opened on a public repository can lead the agent to disclose private details.

SC Media →

SecurityWeek Vulnerability Disclosure GitHub 2d ago

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authe...

SecurityWeek →

GBHackers Vulnerability Disclosure GitHub 2d ago

GitLost Vulnerability Lets Attackers Trick GitHub AI Agent Into Leaking Private Repos

A critical vulnerability known as “GitLost” has been discovered in GitHub’s newly introduced Agentic Workflows by Noma Labs. This flaw allows unauthenticated...

T1041

GBHackers →

The Hacker News General GitHub 3d ago

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have show...

T1078

The Hacker News →

BleepingComputer General GitHub 3d ago

The GitHub Actions Attack Pattern Your CI Security Scanners Miss

ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't guarantee a secure pipeline, and...

BleepingComputer →

HackRead General GitHub 3d ago

GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data

Noma Labs details GitLost, a prompt injection flaw that made GitHub's AI agent expose private repo data through a crafted public issue and guardrail failures.

HackRead →

GBHackers CVE GitHub 4d ago

PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process

A newly disclosed high-severity vulnerability in PHP, tracked as CVE-2026-12184, poses a significant risk to web applications by allowing a remotely triggera...

1 IOC

GBHackers →

The Hacker News Vulnerability Disclosure GitHub Jul 2

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in...

The Hacker News →

GBHackers Vulnerability Disclosure GitHub Jul 2

ChocoPoC Campaign Abuses GitHub PoC Repositories to Steal Browser Credentials

A coordinated supply-chain campaign has been weaponizing GitHub proof-of-concept (PoC) repositories to compromise vulnerability researchers and penetration t...

GBHackers →

1 2 3 ... 7 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA