all InfoSec news
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
Sept. 28, 2023, 5:22 p.m. | info@thehackernews.com (The Hacker News)
The Hacker News thehackernews.com
"The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code
accounts aim campaign code defined dependabot developers files github github repositories hijacking javascript malicious password passwords project repositories secrets server steal stealing
More from thehackernews.com / The Hacker News
Jobs in InfoSec / Cybersecurity
Network Security Administrator
@ Peraton | United States
IT Security Engineer 2
@ Oracle | BENGALURU, KARNATAKA, India
Sr Cybersecurity Forensics Specialist
@ Health Care Service Corporation | Chicago (200 E. Randolph Street)
Security Engineer
@ Apple | Hyderabad, Telangana, India
Cyber GRC & Awareness Lead
@ Origin Energy | Adelaide, SA, AU, 5000
Senior Security Analyst
@ Prenuvo | Vancouver, British Columbia, Canada