Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Relic’s cyber-something revealed as attack on staging systems, some users
December 4, 2023
Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.… One front was the vendor’s staging systems, which it has admitted were compromised in mid-November after an “unauthorized actor used stolen credentials and social engineering in connection with a New ...
- Hellhounds: Operation Lahat
November 30, 2023
In 2023, Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been actively used in cyberattacks on Russian companies and government organizations since at least September 2022. This trojan was previously discussed by NCIRCC, Infoblox, ...
- Booking.com hackers increase attacks on customers
November 30, 2023
Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 (£1,600) for login details of hotels as they continue to target the people who are staying with them. Since at least March, customers have been tricked into sending money to ...
- Japan space agency server likely hit by unauthorized access attack
November 29, 2023
Japan’s space agency was likely hit by an unauthorized access attack to a network server, the government said Wednesday, adding the incident did not involve sensitive information pertaining to rockets or satellites. Sources close to the matter said the Japan Aerospace Exploration Agency was not aware that the breach may have occurred sometime during the summer ...
- GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ
November 28, 2023
This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache. On November 2, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating this vulnerability’s high risk and impact. Fortiguard Labs also released an outbreak alert and a threat ...
- Hacker claims to have hit General Electric and stolen company data
November 27, 2023
A hacker with the alias IntelBroker claims to have breached General Electric and stolen plenty of sensitive data from the company’s systems. The company operates in different fields, including aerospace, renewable energy, power, venture capital, and more. The hacker posted a new thread on an underground forum, selling access to the company’s “development and software pipelines” ...