#github-security

Information security
from The Register
8 hours ago

Malware-laced OpenClaw installers get Bing AI search boost

Scammers exploited OpenClaw's popularity by creating fake installers on GitHub that appeared in Bing AI search results, distributing information stealers and malware to unsuspecting users.
from The Register
3 months ago

AI companies keep publishing private API keys to GitHub

"Some of these leaks could have exposed organizational structures, training data, or even private models," said Wiz threat researchers Shay Berkovich and Rami McCarthy in a blog post. The secrets consist of API keys, tokens, and other digital credentials that are supposed to be kept out of code commits to git repos. But as the security biz noted last month, developers of VS Code extensions keep making their secrets known, a problem that McCarthy has attributed in part to vibe coding.
Information security
from InfoWorld
6 months ago

A wake-up call for identity security in devops

OAuth app permissions often lack centralized visibility and governance, enabling attackers to abuse authorized tokens to access code, secrets, and pivot across infrastructure.
Privacy technologies
from Ars Technica
7 months ago

GitHub abused to distribute payloads on behalf of malware-as-a-service

Malware-as-a-service operators have exploited GitHub to distribute malicious software, posing challenges for organizations relying on the platform.