GitHub says that when other users would download any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers.

Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments.

Malicious actors are making hundreds of fake projects on GitHub aiming to snare private info through crypto and credential-stealing malware, says Kaspersky.

Main target of the takedown was the youtube-dl project, a Python library that had amassed more than 72k stars on GitHub and was used in many YouTube video ripping tools and services.

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and ...

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.