#malware-exfiltration

[ follow ]
#supply-chain-attacks #github-actions #cicd-credential-theft #cloud-metadata-services #vs-code-extensions
Information security
fromThe Hacker News
5 days ago

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon used forged CI workflow commits to exfiltrate CI secrets, cloud credentials, tokens, keys, and configuration data from thousands of GitHub repositories within hours.
Information security
fromThe Hacker News
1 week ago

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

A compromised Nx Console VS Code extension silently installs a credential-stealing payload via an orphan commit, exfiltrating secrets and adding a macOS backdoor.
[ Load more ]