GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
ID: 2a7dc550-1067-520f-8839-88907dd59a37
STIX ID: report--2a7dc550-1067-520f-8839-88907dd59a37
Feed Name: The Record from Recorded Future News
Recorded Future coverage details how variants of the Shai‑Hulud supply‑chain worm have been linked to hundreds of malicious packages across npm, PyPI and RubyGems, more than 3,000 affected GitHub repositories and over 200 compromised developer accounts; researchers say GitHub design behaviors (client-supplied commit timestamps, forgeable author metadata, and file-size indexing limits) allow the worm to evade detection and impersonate trusted developers, but GitHub classified those reports as ineligible or feature requests.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
