CSOonline

GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos

Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising fresh alarms for OSS supply chain security. A threat group dubbed “Banana ...
Dark Reading

Hackers Post Dozens of Malicious Copycat Repos to GitHub

Cybercriminals continue to sneak malicious repositories onto GitHub. Typosquatting, dependency confusion, and other types of cyberattacks precipitated through malicious packages are old and common ...
Dark Reading

Millions of Malicious Repositories Flood GitHub

Cyberattackers in just the last few months have registered more than 100,000 — but by some estimates more than a million — malicious copycat repositories on GitHub. The "repo confusion" scheme is ...