Compromised GitHub Action Highlights Risks in CI/CD Supply Chains
A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.

'GitVenom' campaign uses dodgy GitHub repositories to spread malware
Security researchers warn of a campaign using GitHub to distribute malware through fake repositories. Threat actors created over 200 repositories with malicious code, misleading README files, and diverse programming languages.

Hackers abuse AI code assistants with hidden instructions
Researchers uncover a new attack method that manipulates AI systems using configuration files, leading to undetected malicious code.

Entry points threaten multiple open-source ecosystems
Entry points in programming packages are a security vulnerability that attackers can exploit to execute malicious code without immediate detection.

Hackers take over Google Chrome extensions in cyberattack
Hackers compromised multiple Chrome extensions to steal sensitive user data through a phishing attack on developers during the Christmas season.

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
Researchers reveal a new supply chain attack vector targeting AI code editors that injects malicious code through hidden instructions.

WordPress.org to require two-factor authentication for plugin developers
WordPress.org will require two-factor authentication for developers to enhance security and prevent the spread of malicious code.

Apiiro tools detect malicious code before they cause damage
Apiiro's research highlights the prevalence of malicious code in software repositories and underscores the need for improved security measures.