Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

A widespread AI-assisted campaign promoting an OpenClaw Docker deployer package is spreading more than 300 Trojanized GitHub packages targeting developers and gamers alike with a data-stealing Trojan.
Dark Reading

10 Major GitHub Risk Vectors Hidden in Plain Sight

Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Related:Cyber Pioneers Ponder Past ...
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...