The Hacker News1d
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
(CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among ...
TechCrunch on MSN16d
Thousands of exposed GitHub repos, now private, can still be accessed through Copilot
For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said.
Microsoft8d
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with ...
TechCrunch16d
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said.
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group ...
Opinion
The Register on MSN16dOpinion
200-plus impressively convincing GitHub repos are serving up malware
Infosec bytes Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.
CSO Online7d
Linux, macOS users infected with malware posing as legitimate Go packages
Threat actors are typosquatting popular Go packages such as Hypert and Layout to drop malware on Linux and macOS systems.