all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Add to bookmarks
Sept. 28, 2023, 5:22 p.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.
"The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code

accounts aim campaign code defined dependabot developers files github github repositories hijacking javascript malicious password passwords project repositories secrets server steal stealing

Visit resource

More from thehackernews.com / The Hacker News

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities an hour ago | thehackernews.com
actor apt28 campaign cyber +24
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back 21 hours ago | thehackernews.com
address attacks back business +22
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications 21 hours ago | thehackernews.com
abusing aim amp api +25
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data 23 hours ago | thehackernews.com
address applications business corporate +15
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources 1 day ago | thehackernews.com
advisory agency alert cybersecurity +22
Google Announces Passkeys Adopted by Over 400 Million Accounts 1 day, 3 hours ago | thehackernews.com
accounts easy fingerprint google +8
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks 1 day, 5 hours ago | thehackernews.com
address aruba aruba networks arubaos +34
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw 1 day, 20 hours ago | thehackernews.com
android android apps app applications +32
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million 1 day, 22 hours ago | thehackernews.com
attacks hacker national pay +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Network Security Administrator

@ Peraton | United States
View on infosec-jobs.com

IT Security Engineer 2

@ Oracle | BENGALURU, KARNATAKA, India
View on infosec-jobs.com

Sr Cybersecurity Forensics Specialist

@ Health Care Service Corporation | Chicago (200 E. Randolph Street)
View on infosec-jobs.com

Security Engineer

@ Apple | Hyderabad, Telangana, India
View on infosec-jobs.com

Cyber GRC & Awareness Lead

@ Origin Energy | Adelaide, SA, AU, 5000
View on infosec-jobs.com

Senior Security Analyst

@ Prenuvo | Vancouver, British Columbia, Canada
View on infosec-jobs.com
View more jobs