GitHub | Breaking Cybersecurity News | The Hacker News

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai , the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner's response. "It's a great way to reduce noise and add context to security issues that are added on our endpoints as well," Lucas explains. In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running. The problem - lack of integration between security tools  For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so...

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs , occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to deploy and execute solidity smart contracts in Ethereum Virtual Machine ( EVM )-based blockchains. An EVM is a decentralized computation engine that's designed to run smart contracts on the Ethereum network. According to the supply chain security company, the GitHub project received its last non-malicious update on September 6, 2024. That changed last month when Airez299 opened a pull request with the message "Modernize codebase with viem integration and testing framework." The user claimed to have added a new testing framework with Mocha integration and contract testin...

Unknown threat actors have been observed weaponizing v0 , a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts," Okta Threat Intelligence researchers Houssem Eddine Bordjiba and Paula De la Hoz said . v0 is an AI-powered offering from Vercel that allows users to create basic landing pages and full-stack apps using natural language prompts. The identity services provider said it has observed scammers using the technology to develop convincing replicas of login pages associated with multiple brands, including an unnamed customer of its own. Following responsible disclosure, Vercel has blocked access to these phishing sites. The threat actors behind the campaign have also been found to host other ...

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets . According to reports such as the Verizon DBIR , attackers are more commonly using stolen credentials to gain their initial foothold, rather than exploiting a vulnerability or misconfiguration. Attackers are not just after human identities that they can assume, though. More commonly, they are after Non-Human Identities (NHIs), which outnumber human identities in the enterprise by at least 50 to one . Unlike humans, machines have no good way to achieve multi-factor authentication, and we, for the most part, have been relying on credentials alone, in the form of API keys, bearer tokens, and JWTs.  Traditionally, identity and access management (IAM) has been built on the idea of...

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package Index (PyPI) repository with bogus packages that were downloaded over 75,000 times and came with information-stealing capabilities on Windows systems. The findings build on a previous report from the SANS's Internet Storm Center in November 2024 that detailed a supposed "steam-account-checker" tool hosted on GitHub, which incorporated stealthy features to download additional Python payloads that can inject malicious code into the Exodus cryptocurrency wallet app and harvest sensitive data to an external server ("dieserbenni[.]ru"). Further analysis of the repository a...

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance. A detailed analysis of secure vibe coding practices is available here . TL;DR: Secure Vibe Coding Vibe coding, using natural language to generate software with AI, is revolutionizing development in 2025. But while it accelerates prototyping and democratizes coding, it also introduces "silent killer" vulnerabilities: exploitable flaws that pass tests but evade traditional security tools. This article explores: Real-world examples of AI-generated code in production Shocking stats: 40% higher secret exposure in AI-assisted repos Why LLMs omit security unless explicitly prompted Secure prompting techniques and tool comparisons (GPT-4, Claude, Cursor, etc.) Reg...

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network . "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News. "The malware was impersonating Oringo and Taunahi, which are 'Scripts and macros tools' (aka cheats). Both the first and second stages are developed in Java and can only be executed if the Minecraft runtime is installed on the host machine." The end goal of the attack is to trick players into downloading a Minecraft mod from GitHub and deliver a .NET information stealer with comprehensive data theft capabilities. The campaign was first detected by the cybersecurity company in March 2025. What makes the activity notable is its use of an illicit offering called the Stargazers Ghost...

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems," Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed Fahmy, and Gabriel Nicoleta said in an analysis published this week. The "broad and sustained" campaign, first spotted last month, set up repositories offering seemingly innocuous penetration testing utilities, such as SMTP email bomber and Sakura-RAT, but harbored within their Visual Studio project configuration files malicious payloads that are designed to siphon sensitive data. Water Curse's arsenal incorporates a wide range of tools and programming languages, underscoring their cross-functional development capabilities to target the supply chain with "develope...

A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets." The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites. Details of the campaign come a little over a month after the ...

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot's code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies now juggle at least 45 machine identities for every human user . Service accounts, CI/CD bots, containers, and AI agents all need secrets, most commonly in the form of API keys, tokens, or certificates, to connect securely to other systems to do their work. GitGuardian's State of Secrets Sprawl 2025 report reveals the cost of this sprawl: over 23.7 million secrets surfaced on public GitHub in 2024 alone. And instead of making the situation better, repositories with Copilot enabled the leak of secrets 40 percent more often .  NHIs Are Not People Unlike human beings logging into systems, ...

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack surface that many organizations are failing to address. According to GitGuardian's analysis of exposed secrets across public GitHub repositories, an alarming percentage of credentials detected as far back as 2022 remain valid today: "Detecting a leaked secret is just the first step," says GitGuardian's research team. "The true challenge lies in swift remediation." Why Exposed Secrets Remain Valid This persistent validity suggests two troubling possibilities: either organizations are unaware their credentials have been exposed (a security visibility problem),...

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin . "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io), and layered redirection techniques to target cryptocurrency wallets," security researchers Kenneth Kinion, Sreekar Madabushi, and Tom Hegel said in a technical report shared with The Hacker News. "Victims search for wallet-related queries, click on high-ranking malicious results, land on lure pages, and are redirected to phishing pages that steal their seed phrases." The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains hosting lure pages have been identified. These pages are hosted on cloud infrastructure lik...