Github Repositories Bombarded by Info-Stealing Commits Masked as Dependabot
Github Repositories Bombarded by Info-Stealing Commits Masked as Dependabot
27 September 2023
The attack involves creating fake commit messages titled "fix" to introduce malware that extracts secrets from targeted repositories and steals passwords from web-form submissions.