github

SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.

According to GoPlus monitoring, the hacker group TeamPCP claims to have obtained the source code from about 4,000 private repositories within GitHub and is selling it for $50,000 on underground forums, offering sample verification. If no one buys it, this batch of data may be publicly released for free later.Previously, GitHub officials confirmed that they are investigating the issue of "unauthorized access to internal repositories," suspecting that malicious VS Code/AI Coding plugins were installed on GitHub employee devices.

According to the threat intelligence released by Slow Fog, several high-frequency npm packages including AntV and Echarts-for-react, as well as the Python SDK durabletask, have recently been targeted by the Mini Shai-Hulud "mini sandworm" supply chain attack. The npm account atool was compromised, and the attacker automatically published 637 malicious versions within 22 minutes, affecting 317 packages. The attacker continuously uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 within 35 minutes, bypassing normal release controls and impersonating an official Microsoft release.The large-scale leak of GitHub tokens and the ransomware attack on Grafana Labs are likely related to this supply chain attack. Affected components include high-frequency components such as AntV and Echarts-for-react in the npm ecosystem, as well as Python packages durabletask 1.4.1, 1.4.2, and 1.4.3. Attackers can steal cloud and local credentials, gain unauthorized access to internal repositories and sensitive cloud infrastructure, move laterally to developer machines and CI/CD pipelines, sell and exploit leaked GitHub tokens, and implement ransom and data leak threats.Slow Fog recommends immediately rotating all exposed credentials, replacing affected packages, isolating potentially infected systems, and implementing strict dependency review policies. Previously, it was reported that the "mini sandworm" worm had recently completed widespread infection in open-source code repositories, and developers should be vigilant in checking for issues.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

In response to the unauthorized access event of the internal code repository disclosed by GitHub, Zhao Changpeng reminded, "If the code contains an API Key, even if it is in a private repository, it should be reviewed and replaced immediately."

GitHub has officially stated that it is investigating an unauthorized access incident involving its internal code repository. GitHub claims that there is currently no evidence to suggest that customer data stored in enterprise, organization, or code repositories outside the GitHub platform has been affected, but the company is continuously monitoring its infrastructure to prevent further abnormal activities.GitHub stated that if it is later confirmed that user data or services are affected, it will notify customers through existing incident response and notification channels.

The open-source data visualization tool Grafana stated on platform X that it recently discovered an unauthorized attacker had obtained a token that could access the Grafana Labs GitHub environment and used it to download the code repository.An investigation confirmed that this incident did not involve customer data or personal information leakage, and no impact on customer systems or business operations was found. After the incident, forensic analysis was immediately initiated, and it is believed that the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protection.Furthermore, Grafana disclosed that the attacker attempted to demand a ransom to prevent the code repository from being made public, but the company ultimately decided to refuse to pay the ransom and will release more information about the incident review after the investigation is completed.

Tencent's PR Director Zhang Jun stated today that on March 30, the WeChat Work CLI open-source project was launched on the GitHub community, opening up seven core product capabilities including messaging, scheduling, documents, smart forms, meetings, to-do lists, and contacts, supporting mainstream AIAgents (such as ClaudeCode, Codex, WorkBuddy, QClaw, etc.) for invocation.Developers can leverage these capabilities to enable AIAgents to understand and utilize WeChat Work's features in a more natural way, quickly developing AI applications that are more aligned with everyday office scenarios.

According to market news, the security platform OX Security has disclosed that the developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing activities.Attackers create fake GitHub accounts, initiate topics in repositories controlled by them, and @ dozens of developers, claiming they have won a $5000 CLAW token reward, leading them to a clone website that is almost identical to openclaw.ai. This phishing site includes a "Connect Wallet" button, aimed at stealing the assets of connected wallets. Malicious code is hidden in deeply obfuscated JavaScript files, featuring a "nuke" function that clears browser local storage data to hinder forensic analysis, and encodes information such as wallet addresses and transaction values to send back to the C2 server. Researchers identified a suspected cryptocurrency wallet address used to receive stolen funds. The related accounts were created last week and deleted within hours, with no confirmed victims at this time. OpenClaw has become a target for scammers due to its high visibility, and its Discord community has previously encountered a large amount of cryptocurrency spam. Earlier reports indicated that OpenClaw's founder warned to be cautious of cryptocurrency scam emails sent in the name of OpenClaw.

OpenClaw founder Peter Steinberger criticized the GitHub security vulnerability reporting process for multiple issues. He pointed out that currently, vulnerability reports are only accessible to administrators, making it difficult for teams to effectively distribute and collaborate on handling them.In addition, GitHub's API functionality for vulnerability reporting is insufficient, as it cannot read or post comments through automated agents, which limits the automation capabilities of the security response process. Peter Steinberger also specifically noted that the current vulnerability reports are filled with a large amount of low-quality AI-generated content, requiring hours to sift through, further increasing the burden of security handling work.

Pump.fun announces the launch of the GitHub creator fee sharing feature. Users can now allocate creator fees to any GitHub account through the Pump.fun mobile app. More social features are coming soon.

ClawdBot (now renamed Moltbot) founder Peter Steinberger posted on social media that the issue of his GitHub account being hijacked has been resolved, and this issue only affected personal accounts, not organizational accounts. He specifically reminded users to be wary of about 20 impersonating X scam accounts.

According to a report by The Paper, it has recently been reported that Tencent has officially sent a complaint letter to GitHub (the world's largest code hosting and collaboration platform), requesting the removal of a batch of open-source projects that "allow users to export or analyze their WeChat chat records." Among them, some project leaders who are more concerned have publicly stated that, under legal pressure, the projects have been forced to cease maintenance.In response, Tencent stated that some open-source projects that read WeChat chat records have cracked the local database keys through reverse engineering of the WeChat client, bypassing the encryption measures of the WeChat client, which threatens the data privacy and client security of users and third parties, and can easily be exploited by black and gray industries.

Solana co-founder Anatoly Yakovenko stated at the Solana Breakpoint conference, "What I love most is that decentralization is not about the absence of leaders, but rather the rich emergence of leaders. Over the past five years, so many people have stepped up—people from the foundation, from Labs, as well as community members, builders of applications and protocols who are not part of these initial organizations—they have truly taken on leadership roles for the entire network.As it has developed to this point, I don't even have commit access on GitHub anymore, and it only took me two minutes to speak on stage. My goal is to sit in the audience—I feel that this means seeing the entire network truly mature and have its own life. I am very proud of this."

ChainCatcher news, according to 0xkatz.era, Gitcoin has encountered fake phishing announcements, with attackers sending spam messages to a large number of users through the GitHub native notification system.Affected users found that the page was no longer accessible when clicking on the related organization link. Some users have reported the account and related issues to GitHub, warning the community to stay vigilant and prevent phishing risks.

ChainCatcher news, according to the Slow Mist security team, on July 2, a victim reported that they used an open-source project hosted on GitHub ------ zldp2002/solana-pumpfun-bot the day before, and subsequently their crypto assets were stolen. After analysis by Slow Mist, it was found that in this attack, the attacker disguised themselves as a legitimate open-source project (solana-pumpfun-bot) to lure users into downloading and running malicious code. Under the guise of boosting the project's popularity, users unknowingly ran a Node.js project with malicious dependencies, leading to the leakage of wallet private keys and asset theft. The entire attack chain involved multiple GitHub accounts working in coordination, expanding the scope of dissemination and enhancing credibility, making it highly deceptive. At the same time, such attacks combine social engineering and technical means, making it difficult to completely defend against them within organizations.Slow Mist advises developers and users to be highly vigilant about unknown GitHub projects, especially when it involves wallet or private key operations. If debugging is indeed necessary, it is recommended to run and debug in an isolated environment that does not contain sensitive data.

ChainCatcher news, according to OpenAI Developers, ChatGPT now supports connecting to GitHub repositories for deep research. Users can ask questions and have the AI analyze source code and PR records, generating detailed reports with citations.This feature is initiated through the "deep research → GitHub" entry point, aimed at enhancing developers' code understanding and review efficiency.

ChainCatcher message, Slow Mist Cosine posted on platform X stating that a supply chain attack on Coinbase was carried out using the GitHub Actions CI/CD mechanism. Fortunately, it did not continue successfully; otherwise, the next security incident exposed would have been against Coinbase. The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service-related keys, etc. Cosine suggests that if companies use reviewdog or tj-actions, they should conduct a self-check.