July 24, 2024 at 04:38PM A threat actor named “Stargazer Goblin” is using a new tactic to distribute malware by leveraging GitHub. They use a large network of inauthentic accounts to make malicious repositories appear legitimate. The operation involves starring, forking, and subscribing to the repositories to make them seem credible. The group also distributes … Read more
April 30, 2024 at 05:02PM Docker removed 3 million imageless public repositories from Docker Hub following a discovery by JFrog researchers. The repositories were found to contain links to malicious websites. JFrog highlighted the need for increased moderation on the platform. The attackers exploited a policy loophole that allowed them to include links in description … Read more
April 30, 2024 at 01:32PM Since early 2021, three large-scale campaigns targeted Docker Hub users by planting millions of repositories containing malware and phishing sites. JFrog researchers discovered that 20% of Docker Hub’s 15 million repositories had malicious content. They identified nearly 4.6 million repositories with no Docker images, linked to three major malicious campaigns. … Read more
April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when … Read more