GitHub

2 minute read

New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit

The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers ignoring security warnings

byDeeba Ahmed

March 17, 2026

2 minute read

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware

Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…

byDeeba Ahmed

February 6, 2026

3 minute read

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally.

byDeeba Ahmed

December 22, 2025

2 minute read

GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware

A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…

byWaqas

December 15, 2025

PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft

2 minute read

Security

PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft

Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected.

byDeeba Ahmed

December 5, 2025

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

2 minute read

Security

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data.

byDeeba Ahmed

November 14, 2025

3 minute read

Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.

byDeeba Ahmed

November 11, 2025

3 minute read

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.

byDeeba Ahmed

October 14, 2025

2 minute read

New Shai-hulud Worm Infecting npm Packages With Millions of Downloads

ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…

byDeeba Ahmed

September 17, 2025

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

2 minute read

Security

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

byWaqas

September 6, 2025

The Latest

Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach

Why Image Format Conversion Is Becoming a Practical Issue in Web Security and Performance

New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs

CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026

GitHub

New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware

PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

New Shai-hulud Worm Infecting npm Packages With Millions of Downloads

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

Kevuru Games Outlines the Shift Toward Flexible Art Production in the Games Industry

AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP