Bleeping Computer

GitHub repos bombarded by info-stealing commits masked as Dependabot

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...
Dark Reading

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

In the latest attack to target software supply chains, attackers managed to slip in malicious code updates to hundreds of GitHub repositories by using stolen passcodes to commit changes and then used ...