Published on: 2025-05-13 03:07:21
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. The actor tried to extort the company by threatening to publish 37GB of data that includes backups and details about the company’s cloud infrastructure and internal applications. Europcar Mobility Group is a subsidiary of Green Mobility Holding that operates the Eu
Keywords: actor code company europcar repositories
Published on: 2025-06-06 22:34:57
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. Despite the small number, the potential security repercussions are still significant as some repositories are very popular and could be used in further supply chain attacks. That said, owners of exposed repositories must take immediate action to rotate their secrets before atta
Keywords: action endor github repositories secrets
Published on: 2025-06-14 08:36:11
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. "Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device," reads the GitHub phishing issue. All of the GitHub phishing issues contain the same text, warning users that their
Keywords: access github oauth read repositories
Published on: 2025-07-05 21:06:50
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom. The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables the remote management of Bitcoin wallets and a crack tool to play the Valorant game. All of this alleged project functionality was fake, and cybercrimin
Keywords: code kaspersky malicious repositories research
Published on: 2025-07-07 18:14:15
Tangled is a new social-enabled Git collaboration platform, built on top of the AT Protocol. We envision a place where developers have complete ownership of their code, open source communities can freely self-govern and most importantly, coding can be social and fun again. There are several models for decentralized code collaboration platforms, ranging from ActivityPub’s (Forgejo) federated model, to Radicle’s entirely P2P model. Our approach attempts to be the best of both worlds by adopting a
Keywords: code decentralized knots repositories tangled
Published on: 2025-07-08 11:18:30
Hello, We are writing to inform you of a security incident. Due to a two-factor authentication (2FA) misconfiguration on an employee’s account, an unauthorized user gained access to certain Zapier code repositories. Normally, this would not impact our customers. Out of an abundance of caution, we audited the contents of the repositories, and we found that in isolated instances, certain customer information had been inadvertently copied to the repositories for debugging purposes. We became awar
Keywords: access authentication data repositories unauthorized
Published on: 2025-07-10 18:43:44
Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, Microsoft. These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set to private, often after the developers responsible realized they contained authentication credentials allowing unauthorized access or other types of confidential data.
Keywords: copilot lasso microsoft private repositories
Published on: 2025-07-15 10:45:16
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials. According to Kaspersky, GitVenom has been active for at least two years, targeting users globally but with an elevated focus on Russia, Brazil, and Turkey. "Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake
Keywords: files github gitvenom kaspersky repositories
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.