Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

GitHub

20 articles

Help Net Security General GitHub Jul 2

GitHub’s new tool helps prevent costly open-source license violations

GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependen...

Help Net Security →

BleepingComputer Malware GitHub Jul 1

ChocoPoc malware delivered via trojanized exploits on GitHub

Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands a...

BleepingComputer →

BleepingComputer Campaigns GitHub Jul 1

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute...

BleepingComputer →

GBHackers CVE GitHub Jun 29

Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens

A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthe...

1 IOC

GBHackers →

Help Net Security Zero-Day GitHub Jun 29

Mozilla warns of indirect prompt injection risk in AI coding agents

A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozil...

Help Net Security →

BleepingComputer Malware GitHub Jun 27

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is invisible to both security agents a...

BleepingComputer →

GBHackers CVE GitHub Docker Jun 26

FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE

A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database co...

T1190 1 IOC

GBHackers →

The Hacker News Malware GitHub Jun 26

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that ...

T1195

The Hacker News →

CISA Advisories Vulnerability Disclosure GitHub Jun 25

pydicom pynetdicom Library

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versi...

1 IOC

CISA Advisories →

CISA Advisories Vulnerability Disclosure GitHub Jun 25

pydicom pynetdicom Library

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versi...

1 IOC

CISA Advisories →

GBHackers Supply Chain GitHub Jun 24

Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning

Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories...

T1195

GBHackers →

The Hacker News Vulnerability Disclosure GitHub Jun 23

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "...

T1195

The Hacker News →

GBHackers Vulnerability Disclosure GitHub Jun 23

Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations

A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-base...

T1059

GBHackers →

CSO Online Vulnerability Disclosure GitHub Jun 22

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions/checkout to block ‘pwn request...

CSO Online →

SANS ISC General GitHub Jun 22

Webshells Remain Popular, (Mon, Jun 22nd)

Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2].

T1190

SANS ISC →

GBHackers General GitHub Jun 22

GitHub Actions Checkout Adds Protection Against Malicious pull_request_target Workflows

GitHub has implemented a major security enhancement in its Actions ecosystem with the release of actions/checkout v7, which aims to address a long-standing c...

GBHackers →

GBHackers Campaigns GitHub Jun 22

Massive GitHub Attack Injects Malware into 10,000 Compromised Repositories

A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to ...

GBHackers →

Infosecurity Magazine General GitHub Jun 18

Fake GitHub Stars and AI Videos Mask a Crypto Clipper

A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos

Infosecurity Magazine →

Help Net Security General GitHub Jun 18

New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot

42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuousl...

Help Net Security →

Infosecurity Magazine Phishing GitHub Jun 17

Serverless Phishing Kit on GitHub Targets Mexican Banks

GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials

T1566

Infosecurity Magazine →

«Previous page 1 2 3 4 ... 7 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA