Bleeping Computer

Linux wiper malware hidden in malicious Go modules on GitHub

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
TechRadar

Dangerous Linux wiper malware hidden within Go modules on GitHub

Three Golang modules on GitHub were found containing dangerous malware The malware was designed to wipe the entire disk of a Linux server It was removed from the platform Dangerous Linux malware, ...
SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
Dark Reading

10 Major GitHub Risk Vectors Hidden in Plain Sight

Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Attack surface: Using mutable ...
TheServerSide

How to create Git submodules in GitHub and GitLab by example

Community driven content discussing all aspects of software development from DevOps to design patterns. In a previous git submodules tutorial, I added submodules to a stand-alone repository. There was ...
TheServerSide

How to SSH into GitHub on Windows example

Community driven content discussing all aspects of software development from DevOps to design patterns. To start, store a public SSH key on GitHub. This is validated against a locally stored private ...