Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Major data leak forum dismantled in global action against cybercrime forum
March 4, 2026
A major online forum for stolen data has been dismantled following an international operation coordinated by Europol. The forum, known as LeakBase, had established itself as a central hub in the cybercrime ecosystem, specialising in the trade of leaked databases and so-called “stealer logs” – archives of stolen credentials harvested through infostealer malware. Accessible on the ...
- CIMB refutes claims of data breach involving 1.2 million records
March 4, 2026
CIMB Group Holdings Bhd has given assurance that claims circulating online about a data breach involving its customers are false and that customer data continues to be protected. The financial services provider said on social media platform X that its security teams have verified that all systems are secure and that customer data remains fully safeguarded. ...
- Europol, Microsoft, TrendAI and Collaborators Halt Tycoon 2FA Operations
March 4, 2026
Researchers from TrendAI have been tracking the infrastructure, as well as the campaigns and operator behaviors that can be linked to Tycoon 2FA to build a clearer picture of how its services was being used at scale. By November 2025, TrendAI had collected enough data to link the operation to an actor using the monikers “SaaadFridi” ...
- Hacktivists may have just cracked open ICE and exposed over 6,000 companies working with the DHS
March 3, 2026
A hacktivist group has claimed to have broken into systems belonging to the US Department of Homeland Security (DHS) and exposed sensitive files online. The group, with the self-awarded name “The Department of Peace”, stole data from the Office of Industry Partnership that contained contracts between DHS, Immigration and Customs Enforcement (ICE), and over 6,000 private ...
- Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
March 3, 2026
Large language models (LLMs) and AI agents are becoming deeply integrated into web browsers, search engines and automated content-processing pipelines. While these integrations can expand functionality, they also introduce a new and largely underexplored attack surface. One particularly concerning class of threats is indirect prompt injection (IDPI), in which adversaries embed hidden or manipulated instructions within ...
- LexisNexis hacked, 2 GB of structured data allegedly exposed
March 3, 2026
The hacker group FulcrumSec is taking responsibility for a data breach of information from LexisNexis. The group claims to have hacked into the LexisNexis servers on Feb. 24. It posted about the hack and alleged it got access to over 2 gigabytes of structured data. “We exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure ...