Bleeping Computer

GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds ...
Dark Reading

Attackers Use Phony GitHub Pages to Deliver Mac Malware

An emerging threat campaign is using targeted SEO poisoning to hit Mac users with infostealers. According to LastPass blog post authors Alex Cox, Mike Kosak, and Stephanie Schneider, threat actors are ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...