GitHub a été la cible d'une cyberattaque importante impliquant des commits contenant des logiciels malveillants. L'opération Megalodon a touché plus de 5 000 dépôts.
L'assaut contre la plateforme a permis d'introduire du code malveillant via des commits dans un grand nombre de dépôts. Il a été identifié comme une imitation d'une campagne antérieure connue sous le nom de TeamPCP.
Rapporté par l'IA Image générée par IA
A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.
Seventy-three Microsoft open source packages were compromised late last week with malware that steals credentials from cloud services and developer tools. The malicious code activates when opened in AI coding agents.
Rapporté par l'IA
Attackers have created a fake OpenAI repository on Hugging Face that has reached the top spot but installs infostealer malware.
A new report indicates that most companies have released software containing known security flaws. The problem is especially pronounced with AI-created code, which exceeds the speed of manual fixes.
Rapporté par l'IA
Developer platform Socket has identified a malware known as TrapDoor that is targeting crypto and AI developers.