GitHub

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

2 minute read

Security

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.

byDeeba Ahmed

June 23, 2026

3 minute read

Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper

A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets.

byDeeba Ahmed

June 22, 2026

2 minute read

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.

byDeeba Ahmed

June 5, 2026

2 minute read

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.

byDeeba Ahmed

May 22, 2026

GitHub Hacked: TeamPCP Steals 3,800 Code Repositories via VS Code Extension

3 minute read

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000.

byDeeba Ahmed

May 20, 2026

Grafana Says It Rejected Ransom Demand After Source Code Theft

2 minute read

Data Breaches

Grafana Says It Rejected Ransom Demand After Source Code Theft

Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.

byWaqas

May 17, 2026

2 minute read

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

byDeeba Ahmed

May 11, 2026

2 minute read

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.

byDeeba Ahmed

May 6, 2026

3 minute read

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.

byDeeba Ahmed

April 23, 2026

2 minute read

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.

byDeeba Ahmed

April 17, 2026

The Latest

Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity

LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism

GitHub

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

Grafana Says It Rejected Ransom Demand After Source Code Theft

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity

Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections

eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks

SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies

Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It