Bleeping Computer

Malicious Visual Studio projects on GitHub push Keyzetsu malware

Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. The ...
TechRadar

Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...