GitHub projects targeted with malicious commits to frame researcher

November 16, 2024 at 10:34AM

GitHub projects, including Exo Labs, have faced malicious commits and pull requests aimed at injecting backdoors. This has raised concerns about the attackers’ motives and the security of such repositories.

**Meeting Takeaways:**

1. **Security Threat Identification**: There is an ongoing concern regarding malicious commits and pull requests targeting GitHub projects. …

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

April 12, 2024 at 11:39AM

XZ Utils backdoor test files were found in liblzma-sys, impacting version 0.3.2, but have since been removed in version 0.3.3. The backdoor allowed remote code execution through SSH and was attributed to a social engineering campaign targeting open-source projects. Multiple organizations have warned of the sophisticated methods used and emphasized …