
Alert: Millions of GitHub Repositories Likely Vulnerable to RepoJacking Attack

June 22, 2023

Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed.

This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report.

The supply chain vulnerability, also known as dependency repository hijacking, is a class of attacks that makes it possible to take over retired organization or user names and publish trojanized versions of repositories to run malicious code.

Read More on The Hacker News