BreachForums

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Election interlopers register 5K+ domains, hope to catch some voting phish

The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours. SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named...