A security researcher discovered approximately 10,000 GitHub repositories actively distributing Trojan malware. The findings highlight a significant gap in code repository security and the platform's malware detection capabilities.
The repositories were identified as part of a broader investigation into malware distribution channels on major code-sharing platforms. The Trojans found across these repos pose risks to developers who download or fork the infected code, potentially compromising their systems and projects.
GitHub, owned by Microsoft, relies on automated scanning and user reports to detect malicious content. However, the scale of this discovery suggests malware operators have found effective methods to evade these detection systems, whether through obfuscation techniques or by mimicking legitimate project structures.
The researcher's findings have drawn attention on Hacker News, generating discussion about platform security responsibilities and best practices for code review. GitHub has not yet issued a public statement regarding the scope of the problem or remediation efforts.
The discovery underscores ongoing security challenges in open-source ecosystems, where the collaborative nature of code sharing creates opportunities for malicious actors to distribute threats at scale.
Let's Encrypt experienced widespread certificate renewal failures today, according to the service status page. The incident affected numerous users attempting to renew their SSL certificates.
Microsoft has identified a lightweight backdoor malware that targets cryptocurrency wallets and spreads via USB drives. The malware, known as Crypto Clipper, communicates through the Tor network to evade detection.
India's government told the Delhi High Court that Telegram acknowledged its inability to proactively detect channels selling leaked exam papers. The platform was warned two weeks before being blocked in the country.
Australia's communications regulator will require businesses to register their SMS and MMS sender identities. The move aims to combat spam and fraudulent messaging.