News
Would you block a PR that changes GitHub Actions contents permission from read to write?
2+ day, 12+ hour ago (158+ words) A sandbox PR changed one GitHub Actions workflow permission: The base branch had: That is the concrete case I am trying to calibrate. What matters to me is that this did not depend on an LLM noticing the change....
Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
3+ day, 8+ hour ago (206+ words) the-decoder.com Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control Security researchers at 0DIN, Mozilla's GenAI bug bounty platform, found a new attack vector targeting developers' machines. Through a normal-looking GitHub…...
GitHub Actions Raises Checkout Security
3+ day, 1+ hour ago (108+ words)
Cyber Worm "Miasma" Poisons GitHub, Open-Source Ecosystem And AI Coding Tools
3+ day, 10+ hour ago (361+ words) Open Source For You The highly contagious "Miasma" software supply chain worm is aggressively compromising developer environments by hijacking GitHub Actions workflows and planting malicious configuration hooks that weaponise local AI coding agents. The Miasma malware campaign represents a…...
Hijacked npm packages use VS Code auto-run tasks to deploy malware - 4sysops
3+ day, 9+ hour ago (21+ words) Security researchers have identified a supply chain attack involving hijacked npm packages that bypass traditional security hardening by avoiding standard lifec...
Active Exploitation Alert: Miasma Malware Campaign Targets npm Packages and GitHub Actions in Major Supply Chain Attack
3+ day, 11+ hour ago (429+ words) Rescana Active Exploitation Alert: Miasma Malware Campaign Targets npm Packages and GitHub Actions in Major Supply Chain Attack The Miasma malware campaign represents a critical escalation in supply chain attacks targeting the JavaScript ecosystem, specifically npm packages and…...
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
3+ day, 8+ hour ago (553+ words) Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths…...
How a Clean GitHub Repo Tricks Your AI Coding Agent Into Running Malware
4+ day, 5+ hour ago (907+ words) The Eastern Herald How a Clean GitHub Repo Tricks Your AI Coding Agent Into Running Malware SAN FRANCISCO - The repository contained no malicious code. Not a single line. A researcher from Mozilla's Zero Day Investigative Network cloned it, opened…...
Read your own GitHub Actions secret back (when base64 gets masked too)
4+ day, 7+ hour ago (142+ words) GitHub deliberately won't show you a secret's value after it's saved - you can only overwrite it. Usually that's fine. But sometimes the value you stored is the only surviving copy of something you need back - a signing password, an…...
Hundreds of Open Source Projects Exposed to CI/CD Attack Pattern
4+ day, 13+ hour ago (336+ words) Novee Security identifies "Cordyceps" flaw across GitHub workflows, warning that misconfigured automation could enable code execution and credential theft at scale. A new supply chain vulnerability pattern could be quietly affecting hundreds of open source…...