November 12, 2024 at 12:52PM Researchers identified a tool named GoIssue on a cybercrime forum aimed at GitHub users for bulk credential theft and malicious activities. It automates email harvesting from GitHub profiles for phishing campaigns. Potentially linked to an earlier extortion campaign, it enhances risks for developers, urging vigilance against suspicious communications. ### Meeting … Read more
November 5, 2024 at 11:32AM A typosquatting campaign is targeting developers through similar-named malicious JavaScript npm packages, leading to info-stealing malware. Originating in October, it employs Ethereum smart contracts for command and control, complicating detection. Researchers emphasize the need for stricter package management and authentication to protect development environments from these attacks. Here are the … Read more
May 16, 2024 at 09:35AM Google has announced new security features for Android 15 and Google Play Protect to block scams, fraud, and malware apps on devices. Also, there will be tools and policies to help developers build safer apps. The features include protection against banking malware and spyware, as well as features to protect … Read more
April 12, 2024 at 07:36AM GitHub search results are being manipulated by threat actors to infect developers with persistent malware, Checkmarx warns. Attackers create malicious repositories with popular names and boost their search rankings using automated updates and fake stars. Unsuspecting users are lured to these repositories, unaware of the hidden dangers. Checkmarx stresses the … Read more