Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...
Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
Bleeping Computer

Malicious NuGet packages drop disruptive 'time bombs'

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. The embedded malicious ...
Dark Reading

Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year

The security industry has been highlighting the cybercriminal misuse of HTML for years — and evidence suggests it remains a successful and popular attack tool. Last year we reported that around one-in ...
Dark Reading

Millions at Risk As 'Parrot' Web Server Compromises Take Flight

Threat actors behind a traffic redirect system (TDS) that's been active since October 2021 have ramped up efforts to elude detection and can potentially reach millions of people with malicious scripts ...
Bleeping Computer

Trojan Puzzle attack trains AI assistants into suggesting malicious code

Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. Named 'Trojan ...
CSOonline

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and ...