The Hacker News (@TheHackersNews)
@TheHackersNews
The #1# trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.
2K 正在关注 1.3M 粉丝
Update: @SocketSecurity's threat intel team noted a possible link between this GitHub Actions attack and the recent AntV npm compromise.
Both share the same exfil domain (t.m-kosche[.]com) and appear tied to the Mini Shai-Hulud activity cluster.
Reminder: Every tag now points to malicious code.
Quick action: Pin workflows to full commit SHA only. Check yours ASAP.
显示更多
