Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

GitHub

20 articles

GBHackers Supply Chain GitHub May 29

Typosquatted npm Packages Steal Cloud and CI/CD Secrets

A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers acti...

T1195

GBHackers →

Infosecurity Magazine Data Breach GitHub May 29

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Infosecurity Magazine →

CISA Advisories Campaigns GitHub May 28

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Contin...

T1195

CISA Advisories →

GBHackers Malware GitHub May 28

AI-Generated npm Malware Leaks Hacker’s Private GitHub Token

A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitH...

T1041

GBHackers →

Graham Cluley General GitHub May 27

Smashing Security podcast #469: What your Oura ring won’t tell you

CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-...

Graham Cluley →

The Hacker News General GitHub Intel May 27

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Secu...

The Hacker News →

CSO Online Campaigns GitHub May 26

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD ...

CSO Online →

GBHackers Vulnerability Disclosure GitHub May 26

Multiple 7-Zip Vulnerabilities Enable Arbitrary Code Execution

Multiple memory safety bugs in 7‑Zip 26.00 allow remote attackers to leak sensitive data and, in at least one case, execute arbitrary code when a victim open...

GBHackers →

SecurityWeek Supply Chain GitHub May 25

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub R...

T1195

SecurityWeek →

GBHackers Supply Chain GitHub May 25

GitHub Strengthens npm Security With Staged Publishing Protection

GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in n...

T1195

GBHackers →

Security Affairs Malware GitHub May 24

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popu...

T1195

Security Affairs →

BleepingComputer Campaigns GitHub May 23

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after a...

T1195

BleepingComputer →

The Hacker News Supply Chain GitHub May 23

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a relea...

T1195 T1598

The Hacker News →

GBHackers Vulnerability Disclosure GitHub May 23

Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos

A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across...

T1190 T1195

GBHackers →

SC Media General GitHub May 22

TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583

SC Media →

HackRead Supply Chain GitHub May 22

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.

T1078 T1195

HackRead →

The Hacker News Campaigns GitHub May 22

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub reposit...

T1041

The Hacker News →

Trail of Bits Malware GitHub May 22

We hardened zizmor's GitHub Actions static analyzer

In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repos...

T1041

Trail of Bits →

SecurityWeek Supply Chain GitHub May 22

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Dat...

T1041 T1195

SecurityWeek →

GBHackers Campaigns GitHub May 22

Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories

A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of op...

GBHackers →

«Previous page 1 2 3 4 5 6 7 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA