GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. [...]Source: GitHub warns of Lazarus hackers targeting devs with malicious projects
// Related reporting
Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials
A credential theft operation uses lookalike VPN download sites and GitHub-hosted ZIPs to drop signed malware that harvests VPN logins and configuration data.
BadPaw and MeowMeow: steganographic .NET malware hits Ukrainian targets
A ClearSky report details a new loader and backdoor pair, and Scythe shows how to operationalise it as continuous adversary emulation.