A newly identified CloudSorcerer APT group has been exploiting popular cloud services and GitHub for command-and-control (C2) servers, leveraging the vast data and intellectual property stored on these platforms. According to cybersecurity analysts at Kaspersky Lab, the CloudSorcerer group has been active since May 2024, primarily targeting Russian government institutions.
Threat actors are impersonating GitHub’s security and recruitment teams in phishing attacks designed to hijack repositories through malicious OAuth apps. This ongoing extortion campaign has been wiping compromised repositories. Since February, dozens of developers have received deceptive job offers or security alert emails from “[email protected].” These emails were sent after
Whether you’re a blogger, a developer, or fall somewhere between, you’re likely to discover something new and useful in this video. Jeremy Anderberg Isn’t it amazing how you can learn new things about someone, even after years of knowing them? That’s how Jamie Marsland has felt in the last few
Simplify your development workflow on WordPress.com with GitHub Deployments. Say goodbye to the hassle of manual file uploads and tedious deployments, and say hello to WordPress.com’s new GitHub Deployments. With GitHub Deployments, you can seamlessly connect your repository to your WordPress.com site in just a few clicks. Now you can
Jun 22, 2023Ravie LakshmananSupply Chain / Software Security Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The
May 11, 2023Ravie Lakshmanan GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it’s also
Mar 24, 2023Ravie LakshmananCloud Security / Programming Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations “out of an abundance of caution” after it was briefly exposed in a public repository. The activity, which was carried out