News

CSO Online4d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
Bleeping Computer7mon
GitHub projects targeted with malicious commits to frame researcher - BleepingComputer
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and ...
Infosecurity Magazine5d
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Discovered by ReversingLabs, the campaign reflects a shift in open-source software supply chain attacks. While overall ...
ZDNet4y
Open source: Almost one in five bugs are planted for malicious purposes
Microsoft-owned GitHub, the world's largest platform for open-source software, has found that 17% of all vulnerabilities in software were planted for malicious purposes. GitHub reported that ...
Computer Weekly2y
15-year-old Python bug present in 350,000 open source projects
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...