Bad actors took over an npm maintainer account and have published two malicious packages designed to steal credentials, API keys, and other secrets from the computers of victims who download them from the repository. Analysts with Sonatype’s Security Research Team wrote in a report that the two packages – sbx-mask and touch-adv – likely are […]
Attackers Testing New Strain of Shai-Hulud on npm: Aikido
Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security researchers with Aikido Security, who have been tracking Shai-Hulud for months, wrote in a report that was updated January 2 that there doesn’t […]
Typosquat Supply Chain Attack Targets Go Developers
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform provider Socket. The malicious package, which the threat actor first published in November 2021 and remains in the Go Module Proxy, typosquats the […]
Fake Stars in GitHub a Growing Security Threat, Analysis Finds
There was a surge of inauthentic stars on code repositories in 2024, ramping up the threat of software supply chain attacks.
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts.
Why Do You Need GitHub Backup?
You’ve probably heard the joke that there are two types of people in IT: Those who do backups and those who will start. Though it’s still valid, this joke has become less relevant to businesses and professionals. The IT industry has been increasing expenditures on security for years, and backup is a critical area. However, […]
Using Netflix’s HubCommander to Automate GitHub Organizations
Netflix owes a great deal of its exponential growth to its phenomenal tech stack. Throttling its content through a single internal API, the company was able to deliver content agnostic of device type and quickly disrupt its contemporary competitors in the consumer entertainment industry. We’re intrigued, then, when Netflix exposes some of its internal architecture […]