Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...
GeekWire

GitHub adds emoji reactions to help developers keep their comments on track

An emoji might not be worth a thousand words, but it can do a better job than words at getting some messages across. GitHub, the popular code repository hosting service, is harnessing the power of ...
TechRadar

This new phishing strategy utilizes GitHub comments to distribute malware

Github repositories are being infected with malware Trusted repositories can bypass secure web gateways Github comments are also being used to hide malicious files In a new phishing campaign detected ...
The Next Web

GitHub wants you to shut up, so it added emoji reactions

There may soon be a lot less comments on GitHub, and that’s a good thing. Today, the company is introducing emoji reactions for comments, pull requests and issues — just as you find in chat services ...
TechRadar

Lumma Stealer malware linked as project fixes in GitHub comments

Cybercriminals have found yet another way to infect software developers with malware - through comments on GitHub projects. Whenever a developer uploads a project to GitHub, other community members ...
Dark Reading

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Hackers are using unpublished GitHub and GitLab comments to generate phishing links that appear to come from legitimate open source software (OSS) projects. The clever trick, first described by Sergei ...