Fraudulent Dependabot commits leveraged for malicious code injection
Sept. 28, 2023, 6:56 p.m. | SC Staff
SC Magazine feed for Strategy www.scmagazine.com
Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from GitHub's free automated dependency management tool Dependabot in a bid to facilitate malicious code injection and sensitive project data exfiltration, reports SecurityWeek.