GitHub – Page 2 – TheCyberThrone

Okta GitHub repository hacked ! Source Code Stolen

GitHub repositories belong to Okta were hacked by threat actors and the source code were stolen Okta temporarily restricted access to GitHub repositories and suspended all GitHub integrations with third-party…

PravinKarthik December 22, 2022

Drokbk Uses GitHub as Dead Drop Resolver

Threat actors from a state-backed Iranian Cobalt Mirage are using a new custom malware dubbed Drokbk to attack a variety of US organizations, using GitHub as a dead-drop resolver. MITRE…

PravinKarthik December 10, 2022

GitHub New Vulnerability Reporting Scheme

GitHub has introduced a new direct channel for security researchers to report vulnerabilities in public repositories. This needs to be manually enabled by repository maintainers and, once active, enables security…

PravinKarthik November 15, 2022

Dropbox Breach ! 130 code repositories stolen

As per the latest blogpost by Dropbox security team, revealed that they were breached on October 13, 2022. Threat actors used employee login information they had obtained through phishing to…

PravinKarthik November 2, 2022

Github 35K Malicious Code Insertions

A threat actor with a name "Pl0xP" cloned a large number of GitHub repositories and changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects. The widespread cloning…

PravinKarthik August 4, 2022

Heroku detailed Investigation report on GitHub OAuth Token Theft

Salesforce platform-as-a-service provider Heroku has revealed that the April hack, which saw OAuth tokens for Microsoft GitHub integration downloaded by a threat actor, went further than initially thought, with customer…

PravinKarthik May 7, 2022

GitHub Plans for MFA mandatory by 2023 yearend

GitHub plans to introduce MFA as a mandatory requirement for any user who contributes code on the platform by the end of 2023. The platform owned by Microsoft has a…

PravinKarthik May 6, 2022

Harming NPM Packages for illicit Activity

Researchers at Aqua’s Team Nautilus published a security advisory on the issue of hijacking developers of Open-source software, which allowed threat actors to masquerade a malicious NPM package as legitimate…

PravinKarthik May 4, 2022