Bleeping Computer

LofyGang hackers built a credential-stealing enterprise on Discord, NPM

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub. Researchers ...
HotHardware

How LofyGang Is Using Discord, YouTube And GitHub In A Massive Credential Stealing Attack

Researchers at the cybersecurity firm Checkmarx have managed to map out a complex web of criminal activity that all ties back to a threat actor known as LofyGang. This group of cybercriminals caters ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...
CoinTelegraph

Report: GALA token exploit resulted from public leak of private key on GitHub

It appears that the leaked private key caused a change of ownership in the compromised smart contract 70 days prior. According to a new post by blockchain security firm SlowMist on Nov. 7, it appears ...
TechRadar

A GitHub token leak could have put the entire Python language at risk

What if the Python programming language itself was malicious? It would be the most devastating supply chain attack in human history - but it almost happened after an important GitHub token was ...
CoinTelegraph

How to use GitHub, Discord, and X to find hidden crypto gems early

Hype moves fast, but real crypto innovation is quieter. Use GitHub, Discord and X to spot legitimate projects before they moon or rug. Real crypto projects show consistent GitHub activity, open ...