Bleeping Computer

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of ...
Dark Reading

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
Dark Reading

Millions of Malicious Repositories Flood GitHub

Cyberattackers in just the last few months have registered more than 100,000 — but by some estimates more than a million — malicious copycat repositories on GitHub. The "repo confusion" scheme is ...
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...