SecurityWeek

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...
Security Boulevard

Latest OpenClaw Security Risk: Fake GitHub Repositories Used to Deploy Infostealers

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...

Hackers exploit OpenClaw to spread malware via GitHub - and a little help from Bing

OpenClaw's popularity is proving to be a great vessel for malware distribution, especially when it's advertised via Bing.
Security Boulevard

Beware of fake OpenClaw installers, even if Bing points you to GitHub

Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.
ZDNet

GitHub security alerts now support PHP projects

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...
TechRepublic

How GitHub Is Securing the Software Supply Chain

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...
ZDNet

GitHub launches 'Security Lab' to help secure open source ecosystem

Today, at the GitHub Universe developer conference, GitHub announced the launch of a new community program called Security Lab that brings together security researchers from different organizations to ...
Bleeping Computer

GitHub now supports security keys when using Git over SSH

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. Researchers at North Carolina State University (NCSU) found [PDF ...