WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...
Redmondmag.com

GitHub Abuse Emerges in Twin Social Engineering Campaigns Spotted by Fortra, Trend Micro

Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub ...
CSO Online

ClickFix attackers using new tactic to evade detection, says Microsoft

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news. Regardless, they agree that infosec leaders need to educate employees about ...
decrypt

Roblox Is Now Using AI to Rewrite Chat Swears in Real Time

Add Decrypt as your preferred source to see more of our stories on Google. Roblox’s new AI-powered feature rewrites profanity in chat instead of replacing messages with “####.” The system aims to keep ...
decrypt

Marketers Could Use AI to Make Sure You See Their Ads—Here's How

AdGazer is a model that predicts human ad attention using eye-tracking–trained AI. Page context drives up to one-third of ad attention outcomes. An academic demo could quickly evolve into real ad-tech ...