Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when … Read more

Snyk Acquires Helios for Runtime Visibility

January 17, 2024 at 07:36AM Snyk, a developer-focused security company, has acquired Helios, a startup specializing in runtime application troubleshooting. This acquisition will enhance Snyk’s “cloud-to-code risk visibility” by combining Helios’ runtime data collection with the Snyk Developer Security Platform. The integration will provide Snyk customers with improved asset discovery, issue identification, and risk prioritization. … Read more

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

November 8, 2023 at 08:27AM A set of malicious Python packages, disguised as obfuscation tools, have been discovered on the Python Package Index (PyPI) repository. The packages contain a malware called BlazeStealer, which allows attackers to gain control over compromised systems. The campaign began in January 2023 and includes eight packages. The malware can steal … Read more