BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.
Major websites around the world are either completely down or not loading properly in a global outage.
These Google-owned domains have confused even the most skilled researchers and security products time and time again if these are malicious. The domains in question are redirector.gvt1.com and gvt1/gvt2 subdomains that have spun many threads on the internet. BleepingComputer has dug deeper into the origin of these domains.
Malware developers and attackers are abusing the Discord chat service by using it to host their malware, act as command and control servers, or by modifying the chat client to perform malicious behavior.
Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN).
Cybercriminals appear to have an obsession with abusing GitHub and GitHub-related services to hide in-browser cryptocurrency mining scripts that they later use on hacked sites.
Hackers are hiding malicious code inside the metadata fields of images hosted on Google's official CDN (content delivery network) —googleusercontent.com.
Security experts from MindPoint Group, an information security firm, have hijacked over 2,000 subdomains from legitimate websites while researching possible security flaws in Amazon's CloudFront CDN service.
Popular ad-blocking browser extension AdBlock has added a new feature that will cache popular JavaScript libraries locally on the users' computers.