Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...
TechRadar

This new phishing strategy utilizes GitHub comments to distribute malware

Github repositories are being infected with malware Trusted repositories can bypass secure web gateways Github comments are also being used to hide malicious files In a new phishing campaign detected ...