all InfoSec news
Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk
Malware Analysis, News and Indicators - Latest topics malware.news
A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code). This finding marks the fourth time a unique method was identified that could potentially bypass GitHub’s “Popular repository namespace retirement” mechanism. The vulnerability has been reported to GitHub and has been fixed.
Key Findings
- A novel vulnerability was discovered, …
attack attacker code exploit github github repositories hijacking malicious operations persistent persistent threat popular race race condition repojacking repositories repository risk threat username vulnerability