The Hacker News

🚨 Attackers are targeting enterprise admins with fake tools and running control through #Ethereum smart contracts. Malware spreads via SEO-poisoned #GitHub repos, then pulls live C2 from blockchain. No domains to block. Access lands on high-privilege systems. 🔗 Learn how this campaign turns search results into enterprise breaches → https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs. 🔗 Attack flow, impacted versions, fixes → https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

⚠️ A flaw in #GitHub Codespaces let attackers hide malicious Copilot instructions inside a GitHub issue. When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN. The research also warns of “promptware” attacks built entirely through prompts. 🔗 Exploit Details → https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html