#githubsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #githubsecurity, aggregated by home.social.
-
🎉 Oh, look! Another riveting Windows update destined to "revolutionize" our lives by granting system user access to everyone and their grandmother. 🚀 And let's not forget about the obligatory GitHub plug—because who doesn't love sifting through endless repos to patch Microsoft's idea of security? 🙄
https://github.com/Nightmare-Eclipse/RedSun #WindowsUpdate #GitHubSecurity #UserAccess #TechHumor #MicrosoftPatch #HackerNews #ngated -
Researchers have documented a campaign abusing GitHub repositories themed as OSINT tools, GPT utilities, and developer resources to deliver PyStoreRAT, a modular, multi-stage remote access trojan.
The operation leverages delayed malicious commits, minimal loader stubs, reputation manipulation, and HTA-based execution to reduce early detection. In parallel, a separate RAT campaign demonstrates region- and language-aware targeting logic.
These cases underscore evolving tradecraft around trust abuse and script-based implants.
How are you adapting repository vetting and execution controls in your environment?
Source: https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html
Engage in the discussion and follow TechNadu for measured infosec reporting.
#InfoSec #ThreatIntel #MalwareAnalysis #GitHubSecurity #OpenSourceRisk #TechNadu
-
GitHub notifications trusted you, right? Now imagine them doubling as a gateway for a Y Combinator scam that stole crypto. One subtle typo in a domain and hackers had developers in their sights. Stay vigilant—this one’s a wake-up call!
#githubsecurity
#phishing
#cryptotheft
#socialengineering
#infosec
#web3security
#zerotrust
#cybersecurity
#domainspoofing -
🎉 Breaking news: Typo alert! Some genius decided to check if misspelling "ghcr.io" as "ghrc.io" would lead to a secret Nginx rave 🕺—only to discover it's a phishing scam instead. Who knew a single letter could compromise your GitHub creds faster than you can say "oops"? 🤦♂️
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/ #TypoAlert #PhishingScam #GitHubSecurity #NginxRave #CyberSecurity #HackerNews #ngated -
The Amazon Q AI Hack: A Wake-Up Call for Developer Tool Security
Nearly 1 million developers unknowingly downloaded malicious code—and it took 6 days before anyone noticed.
In this episode of Cyberside Chats, @sherridavidoff and @MDurrin dive into the Amazon Q AI Hack, a stark reminder of how vulnerable our software development tools truly are. From GitHub misconfigurations to supply chain breaches, we’ll explore:
🔹 How a single GitHub token compromise allowed a hacker to inject destructive AI prompts
🔹 Why popular AI tools like Copilot, Gemini, and Q are not as safe as you think
🔹 Supply chain attack lessons from SolarWinds, XZ Utils, and NotPetya
🔹 Best practices to secure your build pipelines and vet third-party developers
🎥 Watch the video: https://youtu.be/qHQ4jdZ7mwI
🎧 Listen to the podcast: https://www.chatcyberside.com/e/unmasking-the-amazon-q-ai-hack-the-hidden-dangers-in-software-development
#Cybersecurity #SupplyChainSecurity #AItools #DevSecOps #AmazonQHack #GitHubSecurity #Infosec #CybersideChats #LMGSecurity
-
GitHub's repo network can expose deleted or private commits. Learn how forks, SHAs, and metadata can leak your secrets even after cleanup. https://hackernoon.com/why-github-commits-arent-as-private-as-you-think #githubsecurity
-
😱 Look out! The Oracle VM #VirtualBox is now a magician's hat, pulling a VM escape rabbit through a VGA device-sized hole. But don't worry, just sprinkle some GitHub magic pixie dust and your code will be safer than ever! 🧙♂️✨
https://github.com/google/security-research/security/advisories/GHSA-qx2m-rcpc-v43v #OracleVM #VMescape #GitHubSecurity #MagicCoding #HackerNews #ngated -
GitHub is shaking up code security after 39 million secrets leaked—now every team can access standalone tools backed by AI and major cloud partners. Curious how this could reshape digital protection?
https://thedefendopsdiaries.com/githubs-security-tools-expansion-a-new-era-in-software-protection/
#githubsecurity
#softwareprotection
#secretmanagement
#cybersecuritytools
#infosec -
Malware Campaign Exploits GitHub, Infecting Nearly One Million Devices
#Cybersecurity #GitHub #GitHubSecurity #Malware #CyberCrime #MicrosoftSecurity #OpenSourceSecurity #CyberAttacks #GitHubMalware
-
CW: GitHub Security and too many ways to sort versions
We had a vulnerable dependency affecting versions `< 9.4.54` and patched it with `9.4.54.v20240208`. The CVE is declared in the Maven ecosystem, and while this version is correct according to Maven's rules [^1], it does not satisfy the predicate according to SemVer [^2], and the vulnerability scan continues to fire.
[^1]: https://maven.apache.org/ref/3.9.9/maven-artifact/apidocs/org/apache/maven/artifact/versioning/ComparableVersion.html
[^2]: https://semver.org/#spec-item-11 -
🔒Want to secure your GitHub repositories but don't know where to start? Check out these 10 GitHub Security Best Practices from Snyk! A must-read guide for all developers and DevOps professionals. https://buff.ly/2IYpaOK #DevSecOps #GitHubSecurity
-
GitHub Vulnerability “ArtiPACKED” Trigger RCE Exploit to Hack Repositories https://cybersecuritynews.com/github-vulnerability/ #CyberSecurityResearch #InformationSecurity #remotecodeexecution #CI/CDPipelines #GitHubSecurity #Vulnerability
-
GitHub has placed a warning on the PolyfillIO repository (https://github.com/polyfillpolyfill/polyfill-service), and has denied access for non-logged in users. The other two repositories owned by that account are unblocked. Dismissing the warning appears to be permanent for an account.