GitHub Package Security Issues

News

GitHub package limit put law firm in security bind

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...

TechRadar2mon

Hundreds of GitHub repositories hijacked to trick users into downloading malware

Cybersecurity researchers Kaspersky have iscovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware. Kaspersky said it observed hundreds ...

Computing3mon

Lazarus Group hiding malware in GitHub and open-source packages

The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...

Bleeping Computer3y

Open source 'Package Analysis' tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF ... the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages. This week, OpenSSF released its ...

CNN3y

Microsoft issues urgent security warning: Update your PC immediately

They published a proof-of-concept online by mistake and subsequently deleted it – but not before it was published elsewhere online, including developer site GitHub. Microsoft (MSFT) warned that ...

Computing2mon

GitHub supply-chain attack threatens 23,000 organisations

The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.

Some results have been hidden because they may be inaccessible to you

Show inaccessible results