Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Dark Reading

'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories

A newly identified threat group has weaponized GitHub repositories offering what appear to be legitimate pen-testing and other security tools to deliver malware via malicious build scripts and project ...