Exposed GitHub repos, HaveIBeenPwned adds 244M stolen passwords, Anagram gamifies cybersecurity training

In today's cybersecurity news...

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Security researchers at Israeli cybersecurity company Lasso found that Microsoft Copilot retains access to thousands of once-public GitHub repositories, even after they’ve been set to private. Using Bing’s cache, Lasso identified over 20,000 affected repositories, exposing sensitive data from major companies like Google, IBM, and Microsoft. Microsoft classified the issue as “low severity.”

(TechCrunch)

Cellebrite halts product use in Serbia following Amnesty surveillance report

Cellebrite has halted product use in Serbia after Amnesty International’s December 2024 report accused Serbian authorities of misusing its digital forensic tools to target activists and journalists. Amnesty says Serbian police unlawfully extracted data and planted spyware. Amnesty urges Serbia to investigate, hold perpetrators accountable, and implement safeguards before resuming exports of surveillance tech. The report highlights Serbia’s broader crackdown on civil society amid anti-government protests and NGO raids.

(Amnesty International)

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

SentinelLABS uncovered a new Ghostwriter cyber campaign targeting Belarusian opposition activists and Ukrainian entities using weaponized Excel documents to deploy a variant of PicassoLoader. Linked to Belarusian state-sponsored group UNC1151, the attack leveraged phishing emails, obfuscated VBA macros, and advanced evasion techniques to deliver second-stage malware. The campaign, tied to Belarus’ 2025 elections, highlights Ghostwriter’s ongoing cyberespionage efforts aligned with Belarusian and Russian interests.

(Security Affairs)

Thanks to today’s episode sponsor, Conveyor

Anagram takes a gamified approach to employee cybersecurity training

Anagram, formerly known as Cipher, is revamping employee cybersecurity training with a gamified approach. Instead of annual, lengthy sessions, Anagram is offering more frequent, interactive lessons, including phishing simulations. The startup pivoted in 2024 after realizing non-security employees were the weakest link. It has since landed major clients like Disney and Thomson Reuters.

(TechCrunch)

Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet

Cryptocurrency exchange Bybit has launched a $140 million bounty program to recover $1.5 billion in Ethereum stolen by North Korea’s Lazarus Group. The heist, executed via a compromised SafeWallet developer machine, manipulated smart contract logic to divert funds. Bybit’s initiative, including a new HackBounty platform, aims to unite the security community in combating state-sponsored crypto theft, reinforcing industry-wide defenses against cyber threats.

(The Register)

GrassCall malware campaign drains crypto wallets via fake job interviews

A Russian-speaking cybercrime group, Crazy Evil, is using fake job interviews to spread “GrassCall” malware, which steals cryptocurrency wallets. Victims are lured via fraudulent Web3 job listings and prompted to download a fake video meeting app that installs infostealers and remote access trojans on Windows and Mac devices. The stolen credentials are then exploited to drain wallets, with attackers profiting from each successful theft. Security researchers warn Web3 job seekers to stay vigilant against such social engineering scams.

(BleepingComputer)

HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers

HaveIBeenPwned has added 244 million stolen passwords and 284 million compromised email accounts to its database, sourced from 1.5TB of infostealer logs shared on Telegram. The data was linked to a major distribution channel called “Alien Textbase,” which published the logs in 744 files. HIBP also introduced two new APIs allowing domain owners to check for compromised credentials. Infostealers, increasingly used in cyberattacks, spread through phishing, malicious ads, and pirated software, with stolen data fueling major breaches like those affecting Ticketmaster and AT&T.

(Infosecurity)
