Threat actors are using GitHub to spread malicious code through popular repositories like Python Package Index (PyPI), according to researchers at ReversingLabs. Cyber criminals are finding new ways to exploit the software supply chain, using methods that evade detection tools. Most recently, hackers have been using GitHub gists to host two-stage malicious payloads and fetching commands from git commit messages. All the malicious PyPI packages have now been removed.
![](https://healsecurity.com/wp-content/uploads/2024/07/group-ibs-threat-intelligence-and-defence-centre-equip-undergraduates-with-sophisticated.jpg)
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some