GitLab affected by GitHub-style CDN flaw allowing malware hosting

April 22, 2024 at 11:10AM

Threat actors are exploiting a GitHub and GitLab flaw to distribute malware via URLs associated with legitimate repositories, creating convincing lures. This issue also affects GitLab, allowing malware to be pushed via comments. Examples show how malware files were made to appear linked to reputable organizations. The flaw remains unaddressed …

GitHub comments abused to push malware via Microsoft repo URLs

April 20, 2024 at 05:07PM

Threat actors are exploiting a GitHub flaw to distribute malware through URLs connected to a Microsoft repository, giving the files an appearance of legitimacy. This vulnerability can be abused with any public repository on GitHub, allowing for convincing lures. Despite attempts by McAfee and others to address this issue, the …