A new version of Neptune RAT written in Visual Basic.NET is spreading rapidly across many platforms, most notably GitHub, Telegram, and YouTube.CYFIRMA researchers said the creator of the remote access trojan (RAT) made the software available without the source code, intentionally obfuscating the executable files to make analysis more challenging.According to an April 7 post, … Read more
Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands of once-public GitHub repositories from some of the world’s biggest companies are affected, including Microsoft’s, according to new findings from Lasso, an Israeli cybersecurity … Read more
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, … Read more
Palo Alto Networks Unit 42 analysis uncovered a typical downside amongst open-source GitHub tasks that would expose secrets and techniques, and even permit attackers to inject malicious code into GitHub Actions workflows. GitHub Actions workflows usually use secrets and techniques, akin to cloud service and GitHub tokens, to carry out sure actions, and lots of … Read more