Found 3 bookmarks
Custom sorting
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss. The Go ecosystem, valued for its simplicity, transparency, and flexibility, has exploded in popularity. With over 2 million modules available, developers rely heavily on public repositories like GitHub. However, this openness is precisely what attackers exploit. No Central Gatekeeping: Developers freely source modules directly from GitHub repositories, trusting the naming conventions implicitly. Prime Target for Typosquatting: Minimal namespace validation enables attackers to masquerade malicious modules as popular libraries. Introduction: The Silent Threat# In April 2025, we detected an attack involving three malicious Go modules which employ similar obfuscation techniques: github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads. Socket’s scanners flagged the suspicious behaviors, leading us to a deeper investigation.
#socket.dev#EN#2025#Wipeout#github#Payload#GO#research#Developers#supply-chain-attack
·socket.dev·
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action
CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action
The Sysdig Threat Research Team (TRT) has discovered CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the most popular GitHub Action CI/CD security tools. Exploiting this vulnerability allows an attacker to bypass Harden-Runner’s disable-sudo security mechanism, effectively evading detection within the continuous integration/continuous delivery (CI/CD) pipeline under certain conditions. To mitigate this risk, users are strongly advised to update to the latest version. The CVE has been assigned a CVSS v3.1 base score of 6.0.
#sysdig#CVE-2025-32955#EN#2025#research#vulnerabilty#CI/CD#Harden-Runner#GitHub#Action
·sysdig.com·
CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action
Stargazers Ghost Network
Stargazers Ghost Network
  • Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts that distribute malicious links and malware and perform other actions such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. Check Point Research is tracking the threat group behind this service as Stargazer Goblin. The group provides, operates, and maintains the Stargazers Ghost Network and distributes malware and links via their GitHub Ghost accounts. The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine. Our latest calculations suggest that more than 3,000 active Ghost accounts are part of the network. Based on core GitHub Ghost accounts, we believe that the network began development or testing on a smaller scale for the first time around August 2022. Check Point Research discovered an advertiser in Dark-Web forums that provides the exact GitHub operation. The first advertisement was published on July 8, 2023, from an account created the previous day. Based on the monitored campaigns from mid-May to mid-June 2024, we estimate that Stargazer Goblin earned approximately $8,000. However, we believe that this amount is only a small fraction of what the actor made during that period. The total amount during the operations’ lifespan is estimated to be approximately $100,000. * Stargazers Ghost Network appears to be only one part of the grand picture, with other Ghost accounts operating on different platforms, constructing an even bigger Distribution as a Service universe.
#checkpoint#EN#2024#research#Stargazers#Ghost#Network#GitHub#dark-web
·research.checkpoint.com·
Stargazers Ghost Network