Researchers have documented a campaign abusing GitHub repositories themed as OSINT tools, GPT utilities, and developer resources to deliver PyStoreRAT, a modular, multi-stage remote access trojan.

The operation leverages delayed malicious commits, minimal loader stubs, reputation manipulation, and HTA-based execution to reduce early detection. In parallel, a separate RAT campaign demonstrates region- and language-aware targeting logic.

These cases underscore evolving tradecraft around trust abuse and script-based implants.
How are you adapting repository vetting and execution controls in your environment?

Source: https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html

Engage in the discussion and follow TechNadu for measured infosec reporting.

#InfoSec #ThreatIntel #MalwareAnalysis #GitHubSecurity #OpenSourceRisk #TechNadu

DeepSec 2025 Talk: GitHub Security at Scale: One Opensource Tool to Rule Them All – Sina Yazdanmehr & Hugo Baccino


https://blog.deepsec.net/deepsec-2025-talk-github-security-at-scale-one-opensource-tool-to-rule-them-all-sina-yazdanmehr-hugo-baccino/

#Conference #DeepSec2025 #GitHub #GitHubSecurity #OpensourceTool #Talk

DeepSec 2025 Talk: GitHub Security at Scale: One Opensource Tool to Rule Them All - Sina Yazdanmehr & Hugo Baccino

Managing GitHub security across all organizations and repositories within a company can be challenging. Misconfigured settings, hard-coded secrets, and outdated dependencies often go unnoticed, creating critical security gaps. In this session, we introduce an open source tool built to help companies secure their GitHub environments at scale. The tool runs security posture checks across organization and repository levels, scans for hard-coded secrets, performs Software Composition Analysis (SCA), validates security rule sets, detects misconfigurations, and generates a single comprehensive report. The report not only identifies risks but also provides actionable remediation steps, helping teams prioritize and address issues effectively. By using this tool, companies gain a complete view of their GitHub security posture across all organizations and repositories, making it easier to maintain strong security without adding complexity. This talk is also an open invitation…

DeepSec In-Depth Security Conference

Red Hat’s GitHub breach was more than a data leak—it was a wake-up call. A cyber crew snagged 570GB of critical code and sensitive info from giants like the U.S. Navy and Bank of America. Can we really afford to be this vulnerable?

https://thedefendopsdiaries.com/red-hat-github-breach-lessons-from-the-crimson-collective-attack/

#redhatbreach
#githubsecurity
#cyberattack
#authenticationtokens
#incidentresponse

Red Hat GitHub Breach: Lessons from the Crimson Collective Attack

Explore the Red Hat GitHub breach by the Crimson Collective, revealing key lessons on code security, token misuse, and incident response in 2024.

The DefendOps Diaries

🚨 Fake Malwarebytes, LastPass & 70+ brands abused on GitHub to spread Atomic Stealer (AMOS).
🔹 Fake repos + SEO + sponsored ads = malware installs
🔹 Copy-paste terminal commands (curl … | bash) deliver the payload instantly
🔹 Brands targeted include password managers, fintech apps, and dev tools
⚠️ Another reminder: only trust official developer sites.
💬 Do you think GitHub & Google should be held more accountable for catching these campaigns earlier?

Follow @technadu for #CyberSecurity insights.

#Malware #AtomicStealer #AMOS #Infostealer #MacOS #Malwarebytes #LastPass #GitHubSecurity

GitHub notifications trusted you, right? Now imagine them doubling as a gateway for a Y Combinator scam that stole crypto. One subtle typo in a domain and hackers had developers in their sights. Stay vigilant—this one’s a wake-up call!

https://thedefendopsdiaries.com/github-notifications-abused-in-sophisticated-y-combinator-phishing-campaign/

#githubsecurity
#phishing
#cryptotheft
#socialengineering
#infosec
#web3security
#zerotrust
#cybersecurity
#domainspoofing

GitHub Notifications Abused in Sophisticated Y Combinator Phishing Campaign

Explore how attackers exploited GitHub notifications to impersonate Y Combinator, steal crypto, and what developers can do to defend against phishing.

The DefendOps Diaries

GitHub is shaking up npm security—mandatory 2FA and short-lived, permission-specific tokens could be a game changer against supply-chain attacks. Are we finally outsmarting cyber threats?

https://thedefendopsdiaries.com/github-raises-the-bar-for-npm-security-with-mandatory-2fa-and-granular-access-controls/

#githubsecurity
#npm
#2fa
#supplychainsecurity
#accesscontrol

GitHub Raises the Bar for npm Security with Mandatory 2FA and Granular Access Controls

GitHub boosts npm security with mandatory 2FA, granular access tokens, and trusted publishing to combat supply-chain attacks and protect developers.

The DefendOps Diaries

SEO poisoning + GitHub Pages hosting are delivering HiddenGh0st, Winos & kkRAT installers that evade AV (BYOVD), hijack clipboard addresses, and load modular RAT plugins.

Recommended: block disposable TLDs, enforce installer allowlists, monitor startup shortcuts/TypeLib changes, and flag unusual scheduled tasks/process renames. Discuss your mitigations — follow @technadu.

#InfoSec #Malware #ThreatIntel #RAT #SEOpoisoning #GitHubSecurity

Hackers disguised their way into GitHub by faking security updates—327 accounts, 817 repos, and 3,325 secrets compromised. It’s a stark reminder to double-check every “security patch.”

https://thedefendopsdiaries.com/ghostaction-github-attack-a-wake-up-call-for-software-security/

#githubsecurity
#supplychainattack
#cyberthreats
#infosec
#softwaresecurity

Salesloft’s GitHub breach is a wake-up call—sophisticated phishing, API loopholes, and insider risks left them exposed. Could your code be next? Dive into the lessons and protect your digital assets before it’s too late.

https://thedefendopsdiaries.com/lessons-from-the-salesloft-github-breach-strengthening-cybersecurity/

#salesloftbreach
#cybersecurity
#githubsecurity
#phishing
#apivulnerabilities

🔒 HIGH severity: Salesloft & Drift breach via GitHub compromise and stolen OAuth tokens. Risks include data exposure and lateral movement. Audit & revoke tokens, enforce MFA, monitor access. No CVE. Read more: https://radar.offseq.com/threat/salesloft-drift-breach-traced-to-github-compromise-9684276c #OffSeq #OAuth #GitHubSecurity