Researchers used GitHub Gists to host malware and sent malicious commands through the platform’s commit messages, according to threat research team ReversingLabs. Hackers disguised malicious code as libraries for network proxying. To avoid detection, they encoded the harmful URLs using Base64. The researchers encouraged developers and security teams to deploy sophisticated tools that use detailed binary analysis to ensure robust software supply chain security.
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines
