Cybercriminals exploit YouTube and GitHub to distribute crypto malware through hijacked accounts, fake repositories and malicious links disguised as legitimate content.

Copilot exposes private GitHub pages, some removed by Microsoft Repositories, once set to public and later to private, still accessible through Copilot.

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed ...

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers ...

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely.

A threat group dubbed “Banana Squad,” active since April 2023, has trojanized more than 60 GitHub repositories in an ongoing campaign, offering Python-based hacking kits with malicious payloads.