commit 172910f38e73d645c505f0fc4c76041cd5e787f9
parent 42a101cd065212c2eb7f8f04b07098d4791c7f92
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Tue, 3 Oct 2023 19:18:49 +0200
add bleepingcomputer.com
Diffstat:
1 file changed, 1375 insertions(+), 0 deletions(-)
diff --git a/realworld/bleepingcomputer.com.html b/realworld/bleepingcomputer.com.html
@@ -0,0 +1,1374 @@
+<!doctype html>
+<html lang="en-us">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+
+<link href="https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap" rel="stylesheet preload" type="text/css" as="style">
+
+<link href="https://www.bleepstatic.com/js/redesign/bootstrap/css/bootstrap.min.css" rel="stylesheet preload" type="text/css" media="all" as="style">
+<link href="https://www.bleepstatic.com/css/redesign/main.css?v=05.19.23.2" rel="stylesheet preload" type="text/css" media="all" as="style">
+<link href="https://www.bleepstatic.com/css/redesign/home.css" rel="stylesheet preload" type="text/css" media="screen" as="style"><link href="https://www.bleepstatic.com/css/redesign/news.css" rel="stylesheet preload" type="text/css" as="style" media="screen,print">
+<link rel="preload" href="https://www.bleepstatic.com/js/redesign/jquery-3.5.1.min.js" as="script">
+<link rel="preload" href="https://www.bleepstatic.com/js/redesign/jquery-migrate-1.4.1.min.js" as="script">
+
+<meta name="Owner" content="Lawrence Abrams/BleepingComputer.com" />
+<link rel="shortcut icon" href="https://www.bleepstatic.com/favicon/bleeping.ico" />
+<meta property="og:site_name" content="BleepingComputer" />
+<meta property="og:locale" content="en_us" />
+<meta name="application-name" content="BleepingComputer" />
+<link rel="dns-prefetch" href="//fonts.googleapis.com" />
+<link rel="dns-prefetch" href="//www.bleepstatic.com" />
+<link rel="dns-prefetch" href="//www.google-analytics.com" />
+<link rel="dns-prefetch" href="//www.googletagmanager.com" />
+<link rel="dns-prefetch" href="//securepubads.g.doubleclick.net" />
+<title>GitHub repos bombarded by info-stealing commits masked as Dependabot</title>
+<meta name="Keywords" content="computers, windows, linux, mac, support, tech support, spyware, malware, virus, security, Breach, Coding, Dependabot, GitHub, Information Stealer, Password Stealing Trojan,virus removal, malware removal, computer help, technical support" />
+<meta name="description" content="Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers." />
+<meta name="abstract" content="Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers." />
+<link rel="canonical" href="https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/" />
+<link rel="prev" href="https://www.bleepingcomputer.com/offer/deals/get-a-refurbished-lenovo-tab-4-android-tablet-for-under-80/" />
+<link rel="next" href="https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/" />
+<meta name="news_keywords" content="Breach, Coding, Dependabot, GitHub, Information Stealer, Password Stealing Trojan, Security, InfoSec, Computer Security">
+<meta property="og:url" content="https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/" />
+<meta property="og:type" content="article" />
+<meta property="og:title" content="GitHub repos bombarded by info-stealing commits masked as Dependabot" />
+<meta property="og:description" content="Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers." />
+<meta property="og:image" content="https://www.bleepstatic.com/content/hl-images/2022/04/08/GitHub___headpic.jpg" />
+<meta property="og:image:secure_url" content="https://www.bleepstatic.com/content/hl-images/2022/04/08/GitHub___headpic.jpg" />
+<meta property="fb:app_id" content="517620508265293" />
+<meta property="og:image:width" content="1600" />
+<meta property="og:image:height" content="900" />
+<meta name="twitter:card" content="summary_large_image" />
+<meta name="twitter:site" content="@BleepinComputer" />
+<meta name="twitter:creator" content="@BleepinComputer" />
+<meta name="twitter:title" content="GitHub repos bombarded by info-stealing commits masked as Dependabot" />
+<meta name="twitter:description" content="Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers." />
+<meta name="twitter:image" content="https://www.bleepstatic.com/content/hl-images/2022/04/08/GitHub___headpic.jpg" />
+<script type="application/ld+json">
+{
+ "@context": "https://schema.org",
+ "@type": "NewsArticle",
+ "url": "https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/",
+ "headline": "GitHub repos bombarded by info-stealing commits masked as Dependabot",
+ "name": "GitHub repos bombarded by info-stealing commits masked as Dependabot",
+ "mainEntityOfPage": {
+ "@type": "WebPage",
+ "id": "https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/"
+ },
+ "description": "Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.",
+ "image": {
+ "@type": "ImageObject",
+ "url": "https://www.bleepstatic.com/content/hl-images/2022/04/08/GitHub___headpic.jpg",
+ "width": 1600,
+ "height": 900
+ },
+ "author": {
+ "@type": "Person",
+ "name": "Bill Toulas",
+ "url": "https://www.bleepingcomputer.com/author/bill-toulas/"
+ },
+ "keywords": ["Breach","Coding","Dependabot","GitHub","Information Stealer","Password Stealing Trojan","Security","InfoSec, Computer Security"],
+ "datePublished": "2023-09-27T08:00:00-04:00",
+ "dateModified": "2023-09-27T09:08:09-04:00",
+ "publisher": {
+ "@type": "Organization",
+ "name": "BleepingComputer",
+ "url": "https://www.bleepingcomputer.com/",
+ "logo": {
+ "@type": "ImageObject",
+ "url": "https://www.bleepstatic.com/logos/bleepingcomputer-logo.png",
+ "width": 700,
+ "height": 700
+ }
+ }
+}
+</script>
+<link rel="amphtml" href="https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/amp/">
+<LINK REL="alternate" TITLE="Bleeping Computer's News" HREF="https://www.bleepingcomputer.com/feed/" TYPE="application/rss+xml">
+<script type="text/javascript" src="https://www.bleepstatic.com/js/redesign/jquery-3.5.1.min.js"></script>
+<script type="text/javascript" src="https://www.bleepstatic.com/js/redesign/jquery-migrate-1.4.1.min.js"></script>
+<script async type="text/javascript" src="https://www.bleepstatic.com/js/redesign/news.js"></script>
+<script>
+!function(n){if(!window.cnxps){window.cnxps={},window.cnxps.cmd=[];var t=n.createElement('iframe');t.display='none',t.onload=function(){var n=t.contentWindow.document,c=n.createElement('script');c.src='//cd.connatix.com/connatix.playspace.js',c.setAttribute('async','1'),c.setAttribute('type','text/javascript'),n.body.appendChild(c)},n.head.appendChild(t)}}(document);
+</script>
+<script id="6302b4e26cf04d8bbf9ab6cbec18daf4">
+cnxps.cmd.push(function () {
+cnxps({
+playerId: '067e5169-ece3-4ce8-87ad-c7961b8bb396'
+}).render('6302b4e26cf04d8bbf9ab6cbec18daf4');
+});
+</script>
+<meta name="robots" content="max-image-preview:large">
+<link rel="stylesheet" href="https://a.pub.network/core/pubfig/cls.css">
+<script data-cfasync="false" type="text/javascript">
+ var freestar = freestar || {};
+ freestar.queue = freestar.queue || [];
+ freestar.config = freestar.config || {};
+ // Tag IDs set here, must match Tags served in the Body for proper setup
+ freestar.config.enabled_slots = [];
+ freestar.queue.push(function() {
+
+ googletag.pubads().setTargeting('section', ['news','security']);
+ });
+
+ freestar.initCallback = function () { (freestar.config.enabled_slots.length === 0) ? freestar.initCallbackCalled = false : freestar.newAdSlots(freestar.config.enabled_slots) }
+</script>
+<script src="https://a.pub.network/bleepingcomputer-com/pubfig.min.js" async></script>
+
+<script data-cfasync="false" type="text/javascript">
+ ;(function(o) {
+ var w=window.top,a='apdAdmin',ft=w.document.getElementsByTagName('head')[0],
+ l=w.location.href,d=w.document;w.apd_options=o;
+ if(l.indexOf('disable_fi')!=-1) { console.error("disable_fi has been detected in URL. FI functionality is disabled for this page view."); return; }
+ var fiab=d.createElement('script'); fiab.type = 'text/javascript';
+ fiab.src=o.scheme+'ecdn.analysis.fi/static/js/fab.js';fiab.id='fi-'+o.websiteId;
+ ft.appendChild(fiab, ft);if(l.indexOf(a)!=-1) w.localStorage[a]=1; var aM = w.localStorage[a]==1, fi=d.createElement('script');
+ fi.type='text/javascript'; fi.async=true; if(aM) fi['data-cfasync']='false';
+ fi.src=o.scheme+(aM?'cdn':'ecdn') + '.firstimpression.io/' + (aM ? 'fi.js?id='+o.websiteId : 'fi_client.js');
+ ft.appendChild(fi);
+ })({
+ 'websiteId': 5971,
+ 'scheme': '//'
+ });
+</script>
+
+<script src="https://www.bleepstatic.com/js/qc-consent/qc-consent.js" async="true"></script>
+
+<script async src="https://www.googletagmanager.com/gtag/js?id=UA-91740-1"></script>
+<script>
+ window.dataLayer = window.dataLayer || [];
+ function gtag(){dataLayer.push(arguments);}
+ gtag('js', new Date());
+
+ gtag('config', 'UA-91740-1');
+</script>
+
+</head>
+<body>
+<div class="bc_wrapper">
+
+<header>
+<div class="container">
+<div class="row">
+<div class="col-md-4">
+<a class="bc_logo" aria-label="BleepingComputer.com" href="https://www.bleepingcomputer.com/"><img src="https://www.bleepstatic.com/images/site/logo.png" width="287" height="24" alt="BleepingComputer.com logo"></a>
+</div>
+<div class="col-md-8">
+<ul class="bc_social_icons">
+<li><a href="https://www.facebook.com/BleepingComputer" aria-label="Visit BleepingComputer's Facebook profile"><span title="BleepingComputer Facebook page" class="fa-brands fa-facebook-f"></span></a></li>
+<li><a href="https://twitter.com/BleepinComputer" aria-label="Visit BleepingComputer's Twitter profile"><span aria-hidden="true" title="BleepingComputer Twitter page" class="fa-brands fa-twitter"></span></a></li>
+<li><a href="https://infosec.exchange/@BleepingComputer" aria-label="Visit BleepingComputer's Mastodon profile"><span aria-hidden="true" title="BleepingComputer Mastodon profile" class="fa-brands fa-mastodon"></span></a></li>
+<li><a href="https://www.youtube.com/user/BleepingComputer" aria-label="Visit BleepingComputer's YouTube channel"><span aria-hidden="true" title="BleepingComputer YouTube page" class="fa-brands fa-youtube"></span></a></li>
+</ul>
+<div class="bc_search_box">
+<form title="Search site" action="https://www.bleepingcomputer.com/search/">
+<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228" />
+<input type="hidden" name="cof" value="FORID:10" />
+<input type="hidden" name="ie" value="UTF-8" />
+<input type="search" name="q" aria-label="Search Site" placeholder="Search Site" />
+</form>
+<script async type="text/javascript" src="https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
+</div>
+<div class="bc_login">
+<input aria-label="Login to BleepingComputer" type="submit" value="Login" class="bc_login_btn">
+<input aria-label="Register account" type="submit" value="Sign up" class="bc_signup_btn" onclick="window.location='https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register';" />
+</div>
+</div>
+</div>
+</div>
+
+<nav class="bc_navigation">
+<div class="container">
+<span id="toggle-nav" class="toggle-site-nav">
+<span></span>
+</span>
+<div class="site-nav" id="nav" role="navigation">
+<ul class="bc_social_icons bc_mob">
+<li><a href="https://www.facebook.com/BleepingComputer" aria-label="Visit BleepingComputer's Facebook profile"><span aria-hidden="true" class="fa-brands fa-facebook-f"></span></a></li>
+<li><a href="https://twitter.com/BleepinComputer" aria-label="Visit BleepingComputer's Twitter profile"><span aria-hidden="true" class="fa-brands fa-twitter"></span></a></li>
+<li><a href="https://infosec.exchange/@BleepingComputer" aria-label="Visit BleepingComputer's Mastodon profile"><span aria-hidden="true" title="BleepingComputer Mastodon profile" class="fa-brands fa-mastodon"></span></a></li>
+<li><a href="https://www.youtube.com/user/BleepingComputer" aria-label="Visit BleepingComputer's YouTube profile"><span aria-hidden="true" class="fa-brands fa-youtube"></span></a></li>
+</ul>
+<div class="bc_search_box bc_mob">
+<form action="https://www.bleepingcomputer.com/search/">
+<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228" />
+<input type="hidden" name="cof" value="FORID:10" />
+<input type="hidden" name="ie" value="UTF-8" />
+<input type="search" name="q" aria-label="Search Site" placeholder="Search Site" />
+</form>
+<script async type="text/javascript" src="https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
+</div>
+<div class="bc_login bc_mob">
+<input aria-label="Login to BleepingComputer" type="submit" value="Login" class="bc_login_btn">
+<input aria-label="Register account" type="submit" value="Sign up" class="bc_signup_btn" onclick="window.location='https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register';">
+</div>
+<ul class="nav-menu">
+<li class="bc_dropdown"><a href="https://www.bleepingcomputer.com/">News</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#nfeatured" role="tab" data-toggle="tab">Featured</a></li>
+<li><a href="#nlatest" role="tab" data-toggle="tab">Latest</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="nfeatured">
+<ul>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2023/09/29/thumb/211x130_Exim-headpic.jpg" alt="Millions of Exim mail servers exposed to zero-day RCE attacks" height="130px" width="100%">
+<p>Millions of Exim mail servers exposed to zero-day RCE attacks</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2023/09/28/thumb/211x130_Progress.jpg" alt="Progress warns of maximum severity WS_FTP Server vulnerability" height="130px" width="100%">
+<p>Progress warns of maximum severity WS_FTP Server vulnerability</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/bing-chat-responses-infiltrated-by-ads-pushing-malware/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2023/02/17/thumb/211x130_bing-chat-header-blue.jpg" alt="Bing Chat responses infiltrated by ads pushing malware" height="130px" width="100%">
+<p>Bing Chat responses infiltrated by ads pushing malware</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/microsoft-breach-led-to-theft-of-60-000-us-state-dept-emails/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2023/09/28/thumb/211x130_Hacker_world_map.jpg" alt="Microsoft breach led to theft of 60,000 US State Dept emails" height="130px" width="100%">
+<p>Microsoft breach led to theft of 60,000 US State Dept emails</p>
+</a>
+</li>
+</ul>
+</div>
+<div role="tabpanel" class="tab-pane" id="nlatest">
+<ul>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/shelltorch-flaws-expose-ai-servers-to-code-execution-attacks/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2022/05/12/thumb/211x130_evil-hacker-ai.jpg" alt="ShellTorch flaws expose AI servers to code execution attacks" height="130px" width="100%">
+<p>ShellTorch flaws expose AI servers to code execution attacks</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2021/05/05/thumb/211x130_Qualcomm.jpg" alt="Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers" height="130px" width="100%">
+<p>Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-teams-get-fixes-for-zero-days-in-open-source-libraries/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2021/09/05/thumb/211x130_Microsoft.jpg" alt="Microsoft Edge, Teams get fixes for zero-days in open-source libraries" height="130px" width="100%">
+<p>Microsoft Edge, Teams get fixes for zero-days in open-source libraries</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/news/security/evilproxy-uses-indeedcom-open-redirect-for-microsoft-365-phishing/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/hl-images/2022/07/22/thumb/211x130_Microsoft_365.jpg" alt="EvilProxy uses indeed.com open redirect for Microsoft 365 phishing" height="130px" width="100%">
+<p>EvilProxy uses indeed.com open redirect for Microsoft 365 phishing</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li class="bc_dropdown"><a href="https://www.bleepingcomputer.com/download/">Downloads</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#dlatest" role="tab" data-toggle="tab">Latest</a></li>
+<li><a href="#most" role="tab" data-toggle="tab">Most Downloaded</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="dlatest">
+<ul>
+<li>
+<a href="https://www.bleepingcomputer.com/download/qualys-browsercheck/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/2/201-qualys-browsercheck-for-windows.jpg" alt="Qualys BrowserCheck" height="130px" width="100%">
+<p class="center">Qualys BrowserCheck</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/download/stopdecrypter/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/2/200-stopdecrypter.jpg" alt="STOPDecrypter" height="130px" width="100%">
+<p class="center">STOPDecrypter</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/download/auroradecrypter/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/1/199-auroradecrypter.jpg" alt="AuroraDecrypter" height="130px" width="100%">
+<p class="center">AuroraDecrypter</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/download/fileslockerdecrypter/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/1/198-fileslockerdecryptor.jpg" alt="FilesLockerDecrypter" height="130px" width="100%">
+<p class="center">FilesLockerDecrypter</p>
+</a>
+</li>
+</ul>
+</div>
+<div role="tabpanel" class="tab-pane" id="most">
+<ul>
+<li>
+<a href="/download/adwcleaner/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/0/96-adwcleaner.jpg" alt="AdwCleaner" height="130px" width="100%">
+<p class="center">AdwCleaner</p>
+</a>
+</li>
+<li>
+<a href="/download/combofix/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/0/9-combofix.jpg" alt="ComboFix" height="130px" width="100%">
+<p class="center">ComboFix</p>
+</a>
+</li>
+<li>
+<a href="/download/rkill/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/0/8-rkill.jpg" alt="RKill" height="130px" width="100%">
+<p class="center">RKill</p>
+</a>
+</li>
+<li>
+<a href="/download/junkware-removal-tool/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/download/nav-header-images/0/98-junkware-removal-tool.jpg" alt="Junkware Removal Tool" height="130px" width="100%">
+<p class="center">Junkware Removal Tool</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li class="bc_dropdown"><a href="https://www.bleepingcomputer.com/vpn/">VPNs</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#vpopular" role="tab" data-toggle="tab">Popular</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="vpopular">
+<ul>
+<li>
+<a href="https://www.bleepingcomputer.com/vpn/guides/best-vpn/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/posts/2023/03/16/Best_VPN_services_for_2023.jpg" alt="Best VPNs" height="130px" width="100%">
+<p>Best VPNs</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/vpn/guides/change-ip-address/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/posts/2023/03/16/change_ip_address_(2).jpg" alt="How to change IP address" height="130px" width="100%">
+<p>How to change IP address</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/vpn/guides/access-dark-web-safely/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/content/posts/2023/03/16/Best_VPN_services_for_2023.jpg" alt="Access the dark web safely" height="130px" width="100%">
+<p>Access the dark web safely</p>
+</a>
+</li>
+<li>
+<a href="https://www.bleepingcomputer.com/vpn/guides/watch-youtube-tv-abroad-vpn/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/news/u/1274444/How%20to%20watch%20YouTube%20TV%20from%20anywhere%20with%20a%20VPN.jpg" alt="Best VPN for YouTube" height="130px" width="100%">
+<p>Best VPN for YouTube</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li class="bc_dropdown"><a href="https://www.bleepingcomputer.com/virus-removal/">Virus Removal Guides</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#vlatest" role="tab" data-toggle="tab">Latest</a></li>
+<li><a href="#vmost" role="tab" data-toggle="tab">Most Viewed</a></li>
+<li><a href="#ransomware" role="tab" data-toggle="tab">Ransomware</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="vlatest">
+<ul>
+<li>
+<a href="/virus-removal/remove-theonlinesearch.com-search-redirect" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/removal-guides/t/Theonlinesearch.com/theonlinesearch.com-search-redirect-thmb-350.jpg" alt="Remove the Theonlinesearch.com Search Redirect" height="130px" width="100%">
+<p>Remove the Theonlinesearch.com Search Redirect</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/remove-smartwebfinder.com-search-redirect" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/removal-guides/s/smartwebfinder-redirect/smartwebfinder-redirect-thmb-350.jpg" alt="Remove the Smartwebfinder.com Search Redirect" height="130px" width="100%">
+<p>Remove the Smartwebfinder.com Search Redirect</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/how-to-remove-the-pblock-adware-extension" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/removal-guides/p/pblock/pblock-extension-thmb-350.jpg" alt="How to remove the PBlock+ adware browser extension" height="130px" width="100%">
+<p>How to remove the PBlock+ adware browser extension</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/remove-toksearches.xyz-search-redirect" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/removal-guides/t/toksearches/toksearches-redirect-thmb-350.jpg" alt="Remove the Toksearches.xyz Search Redirect" height="130px" width="100%">
+<p>Remove the Toksearches.xyz Search Redirect</p>
+</a>
+</li>
+</ul>
+</div>
+<div role="tabpanel" class="tab-pane" id="vmost">
+<ul>
+<li>
+<a href="/virus-removal/remove-security-tool" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/s/securitytool/security-tool-thmb-350.jpg" alt="Remove Security Tool and SecurityTool (Uninstall Guide)" height="130px" width="100%">
+<p>Remove Security Tool and SecurityTool (Uninstall Guide)</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/remove-vundo-virtumonde" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/navigation/generic-chalkboard-211x130.jpg" alt="How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo" height="130px" width="100%">
+<p>How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/uninstall-antivirus-2009" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/a/antivirus-2009/antivirus-2009-thmb-350.jpg" alt="How to remove Antivirus 2009 (Uninstall Instructions)" height="130px" width="100%">
+<p>How to remove Antivirus 2009 (Uninstall Instructions)</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/tools/tdsskiller/tdsskiller-start-thmb-350.jpg" alt="How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller" height="130px" width="100%">
+<p>How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller</p>
+</a>
+</li>
+</ul>
+</div>
+<div role="tabpanel" class="tab-pane" id="ransomware">
+<ul>
+<li>
+<a href="/virus-removal/locky-ransomware-information-help" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/l/locky/locky-header-thmb-350.png" alt="Locky Ransomware Information, Help Guide, and FAQ" height="130px" width="100%">
+<p>Locky Ransomware Information, Help Guide, and FAQ</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/cryptolocker-ransomware-information" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/c/cryptolocker/CryptoLocker-thmb-350.jpg" alt="CryptoLocker Ransomware Information Guide and FAQ" height="130px" width="100%">
+<p>CryptoLocker Ransomware Information Guide and FAQ</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/cryptorbit-ransomware-information" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/c/cryptorbit/howdecrypt-thmb-350.gif" alt="CryptorBit and HowDecrypt Information Guide and FAQ" height="130px" width="100%">
+<p>CryptorBit and HowDecrypt Information Guide and FAQ</p>
+</a>
+</li>
+<li>
+<a href="/virus-removal/cryptodefense-ransomware-information" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/swr-guides/c/CryptoDefense/how_decrypt-html-thmb-350.jpg" alt="CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ" height="130px" width="100%">
+<p>CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li class="bc_dropdown"><a href="https://www.bleepingcomputer.com/tutorials/">Tutorials</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#tlatest" role="tab" data-toggle="tab">Latest</a></li>
+<li><a href="#popular" role="tab" data-toggle="tab">Popular</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="tlatest">
+<ul>
+<li>
+<a href="/tutorials/how-to-enable-kernel-mode-hardware-enforced-stack-protection-in-windows-11/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/7/374-Microsoft_Defender_headpic.jpg" alt="How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11" height="130px" width="100%">
+<p>How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/how-to-use-the-windows-registry-editor/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/7/371-windows-registry-editor.jpg" alt="How to use the Windows Registry Editor" height="130px" width="100%">
+<p>How to use the Windows Registry Editor</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/how-to-backup-and-restore-the-windows-registry/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/7/372-Windows.jpg" alt="How to backup and restore the Windows Registry" height="130px" width="100%">
+<p>How to backup and restore the Windows Registry</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/how-to-open-a-windows-11-command-prompt-as-administrator/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/7/370-windows-11-admin-prompt-header.jpg" alt="How to open a Windows 11 Command Prompt as Administrator" height="130px" width="100%">
+<p>How to open a Windows 11 Command Prompt as Administrator</p>
+</a>
+</li>
+</ul>
+</div>
+<div role="tabpanel" class="tab-pane" id="popular">
+<ul>
+<li>
+<a href="/tutorials/how-to-start-windows-in-safe-mode/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/1/61-startup-settings.png" alt="How to start Windows in Safe Mode" height="130px" width="100%">
+<p>How to start Windows in Safe Mode</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/2/101-Cerber-wallpaper.png" alt="How to remove a Trojan, Virus, Worm, or other Malware" height="130px" width="100%">
+<p>How to remove a Trojan, Virus, Worm, or other Malware</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/show-hidden-files-in-windows-7/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/3/151-show-hidden-files.jpg" alt="How to show hidden files in Windows 7" height="130px" width="100%">
+<p>How to show hidden files in Windows 7</p>
+</a>
+</li>
+<li>
+<a href="/tutorials/how-to-see-hidden-files-in-windows/" class="nmic">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/site/tutorials/nav-header-images/1/62-hidden-files.jpg" alt="How to see hidden files in Windows" height="130px" width="100%">
+<p>How to see hidden files in Windows</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li class="bc_dropdown"><a href="https://deals.bleepingcomputer.com/">Deals</a>
+<div class="bc_sub_menu">
+<div role="tabpanel">
+<ul class="nav nav-tabs" role="tablist" id="bc_drop_tab">
+<li class="active"><a href="#dcategories" role="tab" data-toggle="tab">Categories</a></li>
+</ul>
+<div class="tab-content">
+<div role="tabpanel" class="tab-pane active" id="dcategories">
+<ul>
+<li>
+<a href="https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/deals/elearning-nav.jpg" alt="eLearning" height="130px" width="100%">
+<p align="center">eLearning</p>
+</a>
+</li>
+<li>
+<a href="https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="b-lazy" data-src="https://www.bleepstatic.com/images/deals/it-certification-nav.jpg" alt="IT Certification Courses" height="130px" width="100%">
+<p align="center">IT Certification Courses</p>
+</a>
+</li>
+<li>
+<a href="https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="https://www.bleepstatic.com/images/deals/gear-gadgets-nav.jpg" class="b-lazy" alt="Gear & Gadgets" height="130px" width="100%">
+<p align="center">Gear + Gadgets</p>
+</a>
+</li>
+<li>
+<a href="https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat">
+<img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="https://www.bleepstatic.com/images/deals/security-nav.jpg" class="b-lazy" alt="Security" height="130px" width="100%">
+<p align="center">Security</p>
+</a>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</li>
+<li><a href="https://www.bleepingcomputer.com/forums/">Forums</a></li>
+<li class="bc_dropdown bc_more_nav"><a aria-label="Click here to see more BleepingComputer sections" id="more_dd" href="#">More</a>
+<ul id="bc_more-nav" class="bc_more_submenu">
+<li><a href="https://www.bleepingcomputer.com/startups/">Startup Database</a></li>
+<li><a href="https://www.bleepingcomputer.com/uninstall/">Uninstall Database</a></li>
+<li><a href="https://www.bleepingcomputer.com/glossary/">Glossary</a></li>
+<li><a href="https://www.bleepingcomputer.com/forums/t/730914/the-bleepingcomputer-official-discord-chat-server-come-join-the-fun/">Chat on Discord</a></li>
+<li><a href="https://www.bleepingcomputer.com/news-tip/">Send us a Tip!</a></li>
+<li><a href="https://www.bleepingcomputer.com/welcome-guide/">Welcome Guide</a></li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+</nav>
+</header>
+
+<section class="cz-oa-wrapp">
+<div class="container">
+<div class="row">
+<div class="col-md-12">
+<div class="cz-toa-wrapp">
+<div align="center" data-freestar-ad="__320x50 __970x250" id="bleepingcomputer_728x90_970x90_970x250_320x50_ATF">
+<script data-cfasync="false" type="text/javascript">
+ freestar.config.enabled_slots.push({ placementName: "bleepingcomputer_728x90_970x90_970x250_320x50_ATF", slotId: "bleepingcomputer_728x90_970x90_970x250_320x50_ATF" });
+</script>
+</div>
+</div>
+</div>
+</div>
+</div>
+</section>
+<section>
+<div class="container">
+<div class="row">
+<div class="col-md-12">
+<div class="cz-breadcrumb-outer-wrapp">
+<div class="cz-breadcrumb-left-area">
+<div class="cz-breadcrumb">
+<ul itemscope itemtype="https://schema.org/BreadcrumbList">
+<li itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem"><a href="https://www.bleepingcomputer.com/" itemprop="item"><span itemprop="name">Home</span></a><meta itemprop="position" content="1" /></li><li itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem"><span itemprop="name"><a href="https://www.bleepingcomputer.com/news/" itemprop="item">News</a></span><meta itemprop="position" content="2" /></li><li itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem"><span itemprop="name"><a href="https://www.bleepingcomputer.com/news/security/" itemprop="item">Security</a></span><meta itemprop="position" content="3" /></li><li class="active" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem"><span itemprop="name">GitHub repos bombarded by info-stealing commits masked as Dependabot</span><meta itemprop="position" content="4" /></li>
+</ul>
+</div>
+</div>
+<div class="cz-breadcrumb-right-area">
+<div class="cz-like-wrapper">
+<ul>
+<li><div class="addthis_sharing_toolbox"></div></li>
+<li class="cz-print-icon"><a aria-label="Print article" href="#"> </a></li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+</section>
+
+<section class="bc_main_content">
+<div class="container">
+<div class="row">
+<div class="col-md-8">
+<div class="cz-main-left-section">
+<article><div class="article_section">
+<h1>GitHub repos bombarded by info-stealing commits masked as Dependabot</h1>
+<div class="cz-news-story-title-section">
+<div class="cz-news-title-left-area">
+By <h6><a rel="author" href="https://www.bleepingcomputer.com/author/bill-toulas/" class="author"><span itemprop="author" itemscope itemtype="https://schema.org/Person"><span itemprop="name">Bill Toulas</span></span></a></h6>
+</div>
+<meta itemprop="articleSection" content="Security"><div class="cz-news-title-right-area">
+<ul><li class="cz-news-date">September 27, 2023</li>
+<li class="cz-news-time">08:00 AM</li>
+<li class="cz-news-comment"><a href="#comment_form">0</a></li>
+</ul></div>
+</div>
+<div class="articleBody">
+<p style="text-align:center"><img alt="GitHub" height="900" src="https://www.bleepstatic.com/content/hl-images/2022/04/08/GitHub___headpic.jpg" width="1600"></p>
+<p>Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.</p>
+<p>The campaign unfolded in July 2023, when researchers discovered unusual commits on hundreds of public and private repositories forged to appear as Dependabot commits.</p>
+<p>Dependabot is an automated tool provided by GitHub that scans projects for vulnerable dependencies and then automatically issues pull requests to install the updated versions.</p>
+<p>As <a href="https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/" target="_blank" rel="nofollow noopener">reported today by Checkmarx</a>, these fake Dependabot contributions were made possible using stolen GitHub access tokens with the attackers' goal of injecting malicious code to steal the project's secrets.</p>
+<h2>Impersonating GitHub's Dependabot</h2>
+<p>The attack began with the attackers somehow obtaining their targets' personal GitHub access tokens, which Checkmarx has no insight into.</p>
+<p>The threat actors then appear to be using automated scripts to create fake commit messages titled "fix" that appear to be by the user account "dependabot[bot]."</p>
+<p>These commits introduce malicious code into the project that performs the following two actions:</p>
+<ol><li>Extract secrets from the targeted GitHub project and send them to the attacker's command and control server.</li>
+<li>Modify existing JavaScript files in the breached repository to add malware that steals passwords from web-form submissions and sends them to the same C2 address.</li>
+</ol><p>The secrets exfiltration is achieved by adding the GitHub action file "hook.yml" as a new workflow triggered on every code push event on the impacted repository.</p>
+<div style="text-align:center">
+<figure class="image" style="display:inline-block"><img alt="Example of the malicious commit" height="600" src="https://www.bleepstatic.com/images/news/u/1220909/2023/PyPI/10/malicious-commit.jpg" width="937"><figcaption><strong>Example of the malicious commit</strong> <em>(Checmarx)</em></figcaption></figure></div>
+<p>The password-stealer component injects obfuscated JavaScript into the end of all JavaScript (.js) files that load the following script from a remote site. This script will monitor for form submissions to steal passwords from any form inputs of type 'password.'</p>
+<div style="text-align:center">
+<figure class="image" style="display:inline-block"><img alt="Password stealing code" height="600" src="https://www.bleepstatic.com/images/news/u/1220909/2023/PyPI/10/stealer.jpg" width="918"><figcaption><strong>Password stealing code invoked by the modified JS files</strong> <em>(Checkmarx)</em></figcaption></figure></div>
+<p>As many compromised tokens also granted access to private repositories, the attack affected both public and private GitHub repositories.</p>
+<h2>Possible compromise points</h2>
+<p>Checkmarx's analysts examined the logs from some victims and found that their accounts were compromised using stolen PATs (personal access tokens).</p>
+<p>These tokens are stored locally on the developer's computers and can be used to log in to GitHub without going through 2FA (two-factor authentication) steps.</p>
+<p>"Sadly, the token's access log activity is not visible in the account's audit log. So if you're token got compromised, you can't know for sure because the access logs are missing," warns Checkmarx</p>
+<div style="text-align:center">
+<figure class="image" style="display:inline-block"><img alt="The attack chain" height="263" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" width="1200" data-src="https://www.bleepstatic.com/images/news/u/1220909/2023/PyPI/10/attack-process.jpg" class="b-lazy"><figcaption><strong>The attack chain </strong><em>(Checkmarx)</em></figcaption></figure></div>
+<p>Although the cybersecurity firm didn't reach a concrete conclusion on the exact means by which the attackers stole these tokens, they assume it might be through a malware infection possibly introduced to the developer's device via a malicious package.</p>
+<p>Most compromised users are from Indonesia, implying a targeted attack tailored to this demographic. However, the available evidence doesn't provide specific details about the theme.</p>
+<p>A proposed measure to defend against these attacks is to switch to GitHub's <a href="https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/" target="_blank" rel="nofollow noopener">fine-grained personal access tokens</a>, which limits each user to specific permissions, hence reducing risks in case of compromise.</p>
+<div class="cz-related-article-wrapp">
+<h3>Related Articles:</h3>
+<p><a href="https://www.bleepingcomputer.com/news/security/ssh-keys-stolen-by-stream-of-malicious-pypi-and-npm-packages/" class="ras">SSH keys stolen by stream of malicious PyPI and npm packages</a></p><p><a href="https://www.bleepingcomputer.com/news/security/fake-bitwarden-sites-push-new-zenrat-password-stealing-malware/" class="ras">Fake Bitwarden sites push new ZenRAT password-stealing malware</a></p><p><a href="https://www.bleepingcomputer.com/offer/deals/get-up-to-speed-on-python-with-74-off-a-python-bootcamp-bundle/" class="ras">Get up to speed on Python with $74 off a Python bootcamp bundle</a></p><p><a href="https://www.bleepingcomputer.com/news/security/github-passkeys-generally-available-for-passwordless-sign-ins/" class="ras">GitHub passkeys generally available for passwordless sign-ins</a></p><p><a href="https://www.bleepingcomputer.com/news/security/transunion-denies-it-was-hacked-links-leaked-data-to-3rd-party/" class="ras">TransUnion denies it was hacked, links leaked data to 3rd party</a></p>
+</div>
+</div>
+</div>
+</article><div class="asa">
+<div align="center" data-freestar-ad="__320x50 __728x90" id="bleepingcomputer_728x90_320x50_InContent_1">
+<script data-cfasync="false" type="text/javascript">
+ freestar.config.enabled_slots.push({ placementName: "bleepingcomputer_728x90_320x50_InContent_1", slotId: "bleepingcomputer_728x90_320x50_InContent_1" });
+</script></div>
+</div>
+<div class="cz-news-tags-wrap">
+<ul><li><a href="https://www.bleepingcomputer.com/tag/breach/">Breach</a></li>
+<li><a href="https://www.bleepingcomputer.com/tag/coding/">Coding</a></li>
+<li><a href="https://www.bleepingcomputer.com/tag/dependabot/">Dependabot</a></li>
+<li><a href="https://www.bleepingcomputer.com/tag/github/">GitHub</a></li>
+<li><a href="https://www.bleepingcomputer.com/tag/information-stealer/">Information Stealer</a></li>
+<li><a href="https://www.bleepingcomputer.com/tag/password-stealing-trojan/">Password Stealing Trojan</a></li>
+</ul></div>
+<div class="cz-news-like-wrapp">
+<div class="addthis_toolbox addthis_default_style addthis_32x32_style">
+<div class="cz-news-like-left-area">
+<ul><li><a aria-label="Share article on Facebook" class="addthis_button_facebook"></a></li>
+<li><a aria-label="Share article on Twitter" class="addthis_button_twitter"></a></li>
+<li><a aria-label="Share article on LinkedIn" class="addthis_button_linkedin"></a></li>
+</ul></div>
+<div class="cz-news-like-right-area">
+<ul><li><a title="Email article" class="addthis_button_email"></a></li>
+<li class="cz-lg-print-icon"><a aria-label="Print Article" title="Print article" href="#"></a></li>
+</ul></div>
+</div>
+</div>
+<div class="cz-full-bio-wrapp">
+<div class="cz-full-bio-img-wrapp" title="Bill Toulas profile page">
+<a style="background-image:url('https://www.bleepstatic.com/author/photos/42758747b8592c683aa2b2162019ddfa.jpg');" aria-label="Photo of Bill Toulas" alt-title="Bill Toulas profile page" class="author-img" href="https://www.bleepingcomputer.com/author/bill-toulas/"></a>
+</div>
+<div class="cz-full-bio-content-wrapp">
+<h5><a href="https://www.bleepingcomputer.com/author/bill-toulas/" target="_blank">Bill Toulas</a> <span> <a href="mailto:bill.toulas@bleepingcomputer.com" aria-label="Email bill.toulas@bleepingcomputer.com" alt-title="Email bill.toulas@bleepingcomputer.com"><i aria-hidden="true" class="fa fa-envelope email" title="Email bill.toulas@bleepingcomputer.com"></i></a> <a href="https://twitter.com/billtoulas" target="_blank" rel="noopener" aria-label="Open Author's twitter page" alt-title="Open Author's twitter page"><i aria-hidden="true" class="fa-brands fa-twitter twitter" title="Open Author's twitter page"></i></a></span></h5>
+Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
+</div>
+</div>
+<div class="cz-story-navigation">
+<ul><li><a href="https://www.bleepingcomputer.com/offer/deals/get-a-refurbished-lenovo-tab-4-android-tablet-for-under-80/"><i aria-hidden="true" title="Previous story" class="fa fa-chevron-left"></i> Previous Article </a></li>
+<li><a href="https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/">Next Article <i aria-hidden="true" title="Next story" class="fa fa-chevron-right"></i></a></li>
+</ul></div>
+<div class="cz-post-comment-wrapp" id="comment_form">
+<h5>Post a Comment <span><a href="https://www.bleepingcomputer.com/posting-guidelines/" target="_blank">Community Rules</a></span></h5>
+<div class="cz-comment-loggin-wrapp">
+<h6>You need to login in order to post a comment</h6>
+<input type="submit" value="Login" class="bc_login_btn cz-green-bttn"><p>Not a member yet? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register">Register Now</a></p>
+</div>
+</div>
+<div class="cz-related-article-wrapp">
+<h3>You may also like:</h3>
+<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script><ins class="adsbygoogle" style="display:block" data-ad-format="autorelaxed" data-ad-client="ca-pub-0920899300397823" data-ad-slot="4359266829"></ins>
+<script>
+ (adsbygoogle = window.adsbygoogle || []).push({});
+</script></div>
+</div>
+</div>
+
+<div class="col-md-4 bc_right_sidebar">
+<div class="s-ou-wrap">
+<div align="center">
+<a href="https://www.bleepingcomputer.com/mgo/33/" rel="nofollow noopener" target="_blank"><img src="https://www.bleepstatic.com/comp/b/blink/blink-ai-copilot.gif" width="100%" height="auto"></a>
+</div>
+</div>
+<div id="pop_stories">
+<div class="cz-line-heading"><div class="cz-line-heading-inner">Popular Stories</div></div>
+<ul>
+<li>
+<a class="pns" href="https://www.bleepingcomputer.com/news/security/new-marvin-attack-revives-25-year-old-decryption-flaw-in-rsa/">
+<div class="bc_pop_story_img)">
+<img class="b-lazy" alt="Key Decryptor Unlock" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="https://www.bleepstatic.com/content/hl-images/2022/10/09/thumb/292x176_cyber-key.jpg">
+</div>
+<p>New Marvin attack revives 25-year-old decryption flaw in RSA</p>
+</a>
+</li>
+<li>
+<a class="pns" href="https://www.bleepingcomputer.com/news/security/amazon-sends-mastercard-google-play-gift-card-order-emails-by-mistake/">
+<div class="bc_pop_story_img)">
+<img class="b-lazy" alt="Amazon Prime" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="https://www.bleepstatic.com/content/hl-images/2023/06/21/thumb/292x176_Amazon_prime.jpg">
+</div>
+<p>Amazon sends Mastercard, Google Play gift card order emails by mistake</p>
+</a>
+</li>
+</ul>
+</div>
+<div class="s-ou-wrap">
+<div align="center" data-freestar-ad="__300x250 __300x600" id="bleepingcomputer_300x250_300x600_160x600_Right_2">
+<script data-cfasync="false" type="text/javascript">
+ freestar.config.enabled_slots.push({ placementName: "bleepingcomputer_300x250_300x600_160x600_Right_2", slotId: "bleepingcomputer_300x250_300x600_160x600_Right_2" });
+</script>
+</div>
+</div>
+<div class="s-ou-wrap" id="pinned">
+<div align="center" data-freestar-ad="__300x250 __300x600" id="bleepingcomputer_300x250_300x600_160x600_Right_3">
+<script data-cfasync="false" type="text/javascript">
+ freestar.config.enabled_slots.push({ placementName: "bleepingcomputer_300x250_300x600_160x600_Right_3", slotId: "bleepingcomputer_300x250_300x600_160x600_Right_3" });
+</script>
+</div>
+</div>
+</div>
+</div>
+</div>
+</section>
+
+<section class="cz-boa-wrapp">
+<div class="container">
+<div class="row">
+<div class="col-md-12">
+<div align="center" data-freestar-ad="__300x50 __970x250" id="bleepingcomputer_728x90_970x90_970x250_320x50_BTF">
+<script data-cfasync="false" type="text/javascript">
+ freestar.config.enabled_slots.push({ placementName: "bleepingcomputer_728x90_970x90_970x250_320x50_BTF", slotId: "bleepingcomputer_728x90_970x90_970x250_320x50_BTF" });
+</script>
+</div>
+</div>
+</div>
+</div>
+</section>
+
+<footer id="footer">
+<div class="container">
+<div class="row">
+<div class="col-md-4">
+<h5>Follow us:</h5>
+<ul class="bc_social_icons">
+<li><a href="https://www.facebook.com/BleepingComputer" aria-label="Visit BleepingComputer's Facebook page"><span aria-hidden="true" class="fa-brands fa-facebook-f"></span></a></li>
+<li><a href="https://twitter.com/BleepinComputer" aria-label="Visit BleepingComputer's Twitter page"><span aria-hidden="true" class="fa-brands fa-twitter"></span></a></li>
+<li><a href="https://infosec.exchange/@BleepingComputer" aria-label="Visit BleepingComputer's Mastodon profile"><span aria-hidden="true" title="BleepingComputer Mastodon profile" class="fa-brands fa-mastodon"></span></a></li>
+<li><a href="https://www.youtube.com/user/BleepingComputer" aria-label="Visit BleepingComputer's YouTube page"><span aria-hidden="true" class="fa-brands fa-youtube"></span></a></li>
+<li><a href="https://www.bleepingcomputer.com/feed/" aria-label="BleepingComputer's RSS Feeds"><span aria-hidden="true" class="fa fa-rss"></span></a></li>
+</ul>
+</div>
+<div class="col-md-2">
+<h5>Main Sections</h5>
+<ul>
+<li><a href="https://www.bleepingcomputer.com/">News</a></li>
+<li><a href="https://www.bleepingcomputer.com/vpn/">VPN Buyer Guides</a></li>
+<li><a href="https://www.bleepingcomputer.com/download/">Downloads</a></li>
+<li><a href="https://www.bleepingcomputer.com/virus-removal/">Virus Removal Guides</a></li>
+<li><a href="https://www.bleepingcomputer.com/tutorials/">Tutorials</a></li>
+<li><a href="https://www.bleepingcomputer.com/startups/">Startup Database</a></li>
+<li><a href="https://www.bleepingcomputer.com/uninstall/">Uninstall Database</a></li>
+<li><a href="https://www.bleepingcomputer.com/glossary/">Glossary</a></li>
+</ul>
+</div>
+<div class="col-md-2">
+<h5>Community</h5>
+<ul>
+<li><a href="https://www.bleepingcomputer.com/forums/">Forums</a></li>
+<li><a href="https://www.bleepingcomputer.com/forum-rules/">Forum Rules</a></li>
+<li><a href="https://www.bleepingcomputer.com/forums/t/730914/the-bleepingcomputer-official-discord-chat-server-come-join-the-fun/">Chat</a></li>
+</ul>
+</div>
+<div class="col-md-2">
+<h5>Useful Resources</h5>
+<ul>
+<li><a href="https://www.bleepingcomputer.com/welcome-guide/">Welcome Guide</a></li>
+<li><a href="https://www.bleepingcomputer.com/sitemap/">Sitemap</a></li>
+</ul>
+</div>
+<div class="col-md-2">
+<h5>Company</h5>
+<ul>
+<li><a href="https://www.bleepingcomputer.com/about/">About BleepingComputer</a></li>
+<li><a href="https://www.bleepingcomputer.com/contact/">Contact Us</a></li>
+<li><a href="https://www.bleepingcomputer.com/news-tip/">Send us a Tip!</a></li>
+<li><a href="https://www.bleepingcomputer.com/advertise/">Advertising</a></li>
+<li><a href="https://www.bleepingcomputer.com/write-for-bleepingcomputer/">Write for BleepingComputer</a></li>
+<li><a href="https://www.bleepingcomputer.com/rss-feeds/">Social & Feeds</a></li>
+<li><a href="https://www.bleepingcomputer.com/changelog/">Changelog</a></li>
+</ul>
+</div>
+</div>
+</div>
+<div class="bc_footer_bottom">
+<div class="container">
+<div class="row">
+<div class="col-md-6">
+<p><a href="https://www.bleepingcomputer.com/terms-of-use/">Terms of Use</a> - <a href="https://www.bleepingcomputer.com/privacy/"> Privacy Policy</a> - <a href="https://www.bleepingcomputer.com/ethics-statement/">Ethics Statement</a> - <a href="https://www.bleepingcomputer.com/affiliate-disclosure/">Affiliate Disclosure</a></p>
+</div>
+<div class="col-md-6 bc_copyright">
+<p>Copyright @ 2003 - 2023 <a href="https://www.bleepingcomputer.com/"> Bleeping Computer<sup>®</sup> LLC </a> - All Rights Reserved</p>
+</div>
+</div>
+</div>
+</div>
+</footer>
+</div>
+
+
+<div class="bc_goto_top">
+<a href="#" title="Back to Top"><i aria-hidden="true" class="fa fa-chevron-up"></i></a>
+</div>
+
+
+<div class="bc_popup" aria-modal="true" aria-label="Login form">
+<div class="bc_login_form">
+<a class="bc_popup_close" href="javascript:;" aria-label="Close login form" title="Close"></a>
+<h4>Login</h4>
+<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process&return=https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/" method="post">
+<div class="bc_form_feild">
+<label for="ips_username">Username</label>
+<input aria-label="Enter login name" title="Enter login name" type="text" id="ips_username" name="ips_username" spellcheck="false" autocomplete="username">
+</div>
+<div class="bc_form_feild">
+<label for="ips_password">Password</label>
+<input aria-label="Enter login password" title="Enter login passwod" type="password" id="ips_password" name="ips_password" spellcheck="false" autocomplete="current-password">
+</div>
+<div class="bc_form_feild">
+<div class="bc_remember">
+<input id="remember" type="checkbox" name="rememberMe" value="1" checked="checked">
+<label for="remember">Remember Me</label>
+</div>
+<div class="bc_anon">
+<input id="anonymous" type="checkbox" name="anonymous" value="1">
+<label for="anonymous">Sign in anonymously</label>
+</div>
+</div>
+<div class="bc_btn_wrap">
+<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024" />
+<input type="submit" aria-label="Login to site" title="Login" value="Login" class="bc_sub_btn">
+<a aria-label="Sign in with Twitter" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter&return=https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/" class="bc_twitter_btn"><img src="https://www.bleepstatic.com/images/site/login/twitter.png" width="28" height="24" alt="Sign in with Twitter button"> Sign in with Twitter</a>
+<hr/>
+<p>Not a member yet? <a aria-label="Register account" title="Register account" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register">Register Now</a></p>
+</div>
+</form>
+</div>
+</div>
+
+
+<script async type="text/javascript" src="https://www.bleepstatic.com/js/redesign/bootstrap/js/bootstrap.js"></script>
+<script src="https://www.bleepstatic.com/js/blazy/blazy.min.js"></script>
+<script type="text/javascript" async src="https://www.bleepstatic.com/js/redesign/bleep.js"></script>
+<script type="text/javascript" async defer src="https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js"></script>
+<script type="text/jscript">
+$(document).ready(function(e) {
+ $('.articleBody img').not('a>img').not('.contrib_but>img').click(function(e) {
+ e.preventDefault();
+ $.fancybox({'href' : $(this).attr('src')});
+ });
+});
+</script>
+<script src="//www.bleepstatic.com/js/fixto/fixto.min.js"></script>
+<script type="text/javascript">
+$(document).ready(function(){
+
+var content = $('.cz-main-left-section');
+var sidebar = $('.bc_right_sidebar');
+var count = 0;
+var myTimer;
+
+function setEqualContainer() {
+ var getContentHeight = content.outerHeight();
+ var getSidebarHeight = sidebar.outerHeight();
+
+ if ( getContentHeight > getSidebarHeight ) {
+ sidebar.css('min-height', getContentHeight);
+ }
+
+ if ( getSidebarHeight > getContentHeight ) {
+ content.css('min-height', getSidebarHeight);
+ }
+}
+
+// creating the timer which will run every 500 milliseconds
+// and will stop after the container will be loaded
+// ...or after 15 seconds to not eat a lot of memory
+
+myTimer = setInterval( function() {
+ count++;
+
+ if ( $('.testContainer').length == 0 ) {
+ setEqualContainer();
+ } else {
+ setEqualContainer();
+ clearInterval(myTimer);
+ }
+
+ if ( count == 15) {
+ clearInterval(myTimer);
+ }
+}, 500);
+
+ $('#pinned').fixTo('.bc_right_sidebar', {
+ bottom: 25,
+ });
+
+ $('#more_dd').click(function (e) {
+ e.preventDefault()
+ });
+
+ $('.bc_goto_top a').click(function(){
+ $("html, body").animate({ scrollTop: 0 }, 600);
+ return false;
+ });
+ jQuery('.bc_login_btn').on('click', function() {
+ jQuery('.bc_popup').fadeIn("slow");
+ });
+ jQuery('.bc_popup_close').on('click', function() {
+ jQuery('.bc_popup').fadeOut("slow");
+ });
+
+});
+</script>
+<script type="text/javascript">
+// validate comment box not empty
+function validate_comment_box_not_empty()
+{
+ $('#frm_comment_box').submit(function(e) {
+ if($('#comment_html_box').val().length==0)
+ {
+ alert("Please enter a comment before pressing submit");
+ return false;
+ }
+ else
+ {
+ return true;
+ }
+ });
+}
+
+function cz_strip_tags(input, allowed) {
+ allowed = (((allowed || '') + '')
+ .toLowerCase()
+ .match(/<[a-z][a-z0-9]*>/g) || [])
+ .join(''); // making sure the allowed arg is a string containing only tags in lowercase (<a><b><c>)
+ var tags = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi,
+ commentsAndPhpTags = /<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi;
+ return input.replace(commentsAndPhpTags, '')
+ .replace(tags, function($0, $1) {
+ return allowed.indexOf('<' + $1.toLowerCase() + '>') > -1 ? $0 : '';
+ });
+}
+function cz_br2nl(str) {
+ var regex = /<br\s*[\/]?>/gi;
+ //var pure_str = str.replace(regex,"\n");
+ var pure_str = str.replace(regex,"");
+ return cz_strip_tags(pure_str,'');
+}
+$(document).ready(function(e) {
+// validate comment box not empty
+validate_comment_box_not_empty();
+
+// report comment
+$('#comment-report-other-reason-wrap').css('display','none');
+$('.cz-popup-close').click(function(e) {
+ e.preventDefault();
+ $('.cz-popup').fadeOut("slow");
+});
+$('.cz-comment-report-btn').click(function(e) {
+ e.preventDefault();
+ $('.cz-popup').css('height',$( document ).height()+'px');
+ //var comment_box_report_top = $(this).offset().top;
+ var comment_box_report_top = $(document).scrollTop();
+ $('.cz-popup-wrapp').css('top',(comment_box_report_top+100)+'px');
+ $('#comment-id-report').val($(this).attr('data-id'));
+ $('.cz-popup').fadeIn("slow");
+});
+$("input[type='radio'][name='comment-report-reason']").click(function(e) {
+ if($(this).val()=='Other')
+ {
+ $('#comment-report-other-reason-wrap').css('display','block');
+ }
+ else
+ {
+ $('#comment-report-other-reason-wrap').css('display','none');
+ }
+});
+$('.comment-report-submit-btn').click(function(e) {
+ e.preventDefault();
+ var comment_report_reason = "";
+ var comment_report_reason = $("input[type='radio'][name='comment-report-reason']:checked").val();
+ if (comment_report_reason=='Other') {
+ comment_report_reason = $('#comment-report-other-reason').val();
+ }
+ if(comment_report_reason=='') {
+ alert('Please specify reason');
+ }
+ else
+ {
+ $('.cz-popup-report-submiting').css('display','inline-block');
+ $.ajax({
+
+ type: "POST",
+ url: 'https://www.bleepingcomputer.com/report-comment/',
+ data: { comment_id: $('#comment-id-report').val(), reason: comment_report_reason },
+ success: function(data) {
+ $('.cz-popup-report-submiting').css('display','none');
+ $('.cz-popup').fadeOut("slow");
+ }
+
+ });
+ }
+});
+// report comment
+
+ $('.cz_comment_reply_btn').click(function(e) {
+ e.preventDefault();
+ $('#parent_comment_id').val($(this).attr('data-id'));
+ $('#comment_html_box').attr('placeholder','Replying to '+$(this).attr('data-name'));
+ var comment_box_top = $('.cz-post-comment-wrapp').offset().top;
+ $("html, body").animate({ scrollTop: comment_box_top-100 }, 600);
+ $('#comment_html_box').focus();
+ });
+ $('.cz_comment_quote_btn').click(function(e) {
+ e.preventDefault();
+ var quote_comment_html ='';
+ if($(this).attr('data-id')!=undefined && $(this).attr('data-id')!='')
+ {
+ $('#parent_comment_id').val($(this).attr('data-id'));
+ quote_comment_html = $('#comment_html_'+$(this).attr('data-id')).html();
+ }
+ quote_comment_html = cz_br2nl(quote_comment_html);
+ $('#comment_html_box').val('"'+quote_comment_html+'"\n\n');
+ var comment_box_top = $('.cz-post-comment-wrapp').offset().top;
+ $("html, body").animate({ scrollTop: comment_box_top-100 }, 600);
+ $('#comment_html_box').focus();
+ });
+
+});
+
+function editForm(cid)
+{
+
+ $.ajax({
+
+ type: "GET",
+ url: window.location.href+"?sa=1",
+ data: { f: "e", cid: cid },
+ success: function(data) {
+ $('.cz-post-comment-wrapp').html(data);
+ validate_comment_box_not_empty();
+ }
+
+ });
+
+ var comment_box_top = $('.cz-post-comment-wrapp').offset().top;
+ $("html, body").animate({ scrollTop: comment_box_top-100 }, 600);
+
+}
+
+$(document).on('click', '.cz-subscribe-button' , function(e) {
+ e.preventDefault();
+
+ $.ajax({
+
+ type: "POST",
+ url: window.location.href,
+ data: { a: 'sub' },
+ success: function(data) {
+ if(data == '1')
+ $( "li.cz-subscribe-button" ).replaceWith( '<li aria-label="Unsubscribe from comments" title="Unsubscribe from comments" class="cz-unsubscribe-button"><a href="#"></a></li>');
+ }
+
+ });
+});
+
+$(document).on('click', '.cz-unsubscribe-button' , function(e) {
+ e.preventDefault();
+
+ $.ajax({
+
+ type: "POST",
+ url: window.location.href,
+ data: { a: 'unsub' },
+ success: function(data) {
+ if(data == '1')
+ $( "li.cz-unsubscribe-button" ).replaceWith( '<li aria-label="Subscribe to comments" title="Subscribe to comments" class="cz-subscribe-button"><a href="#"></a></li>');
+ }
+
+ });
+
+});
+</script>
+<script type="text/javascript">
+$('.cz-print-icon, .cz-lg-print-icon').click(function(e) {
+ e.preventDefault();
+ var divToPrint = document.getElementById('.article_section');
+ var mywindow = window.open('','','left=0,top=0,width=950,height=600,toolbar=0,scrollbars=0,status=0,addressbar=0');
+
+ var is_chrome = Boolean(mywindow.chrome);
+ mywindow.document.write($( ".article_section" ).html());
+ mywindow.document.close(); // necessary for IE >= 10 and necessary before onload for chrome
+
+ if (is_chrome) {
+ mywindow.onload = function() { // wait until all resources loaded
+ mywindow.focus(); // necessary for IE >= 10
+ mywindow.print(); // change window to mywindow
+ mywindow.close();// change window to mywindow
+ };
+ }
+ else {
+ mywindow.document.close(); // necessary for IE >= 10
+ mywindow.focus(); // necessary for IE >= 10
+ mywindow.print();
+ mywindow.close();
+ }
+
+ return true;
+});
+</script>
+<script type="text/javascript">
+
+var loginhash = '880ea6a14ea49e853634fbdc5015a024';
+var main_nav_hide_flag = true;
+var scrollTop =0;
+var main_nav_hide_timer = '';
+
+function call_main_nav_hide()
+{
+ if(main_nav_hide_flag && scrollTop >=100)
+ {
+ $('header').addClass("nav-up");
+ }
+}
+var cz_header_pos = $('header').offset().top;
+$(window).scroll(function() {
+ $('header').each(function(){
+ var cz_top_of_window = $(window).scrollTop()-100;
+ if (cz_top_of_window > cz_header_pos) {
+ $('.bc_goto_top').fadeIn("slow");
+ } else {
+ $('.bc_goto_top').fadeOut("slow");
+ }
+ });
+
+});
+var prevScrollTop = 0;
+$(window).scroll(function(event){
+ scrollTop = $(this).scrollTop();
+
+ if ( scrollTop < 0 ) {
+ scrollTop = 0;
+ }
+ if ( scrollTop > $('body').height() - $(window).height() ) {
+ scrollTop = $('body').height() - $(window).height();
+ }
+
+ if (scrollTop >= prevScrollTop && scrollTop) {
+ $('header').addClass("nav-up");
+ } else {
+ if (scrollTop >=100)
+ {
+ $('header').removeClass("nav-up");
+ main_nav_hide_timer = setTimeout("call_main_nav_hide()",5000);
+ }
+ else
+ {
+ $('header').removeClass("nav-up");
+ clearInterval(main_nav_hide_timer);
+ }
+ }
+
+ prevScrollTop = scrollTop;
+});
+$(document).ready(function(){
+ var bLazy = new Blazy();
+
+ $(".bc_dropdown a").mouseenter(function(e) {
+ $(this).parent('.bc_dropdown').delay(250).queue(function(){
+ $(this).addClass('show_menu').dequeue();
+ bLazy.revalidate();
+ });
+ main_nav_hide_flag = false;
+ });
+ $(".bc_dropdown").mouseleave(function(e) {
+ $(".bc_dropdown").clearQueue().stop().removeClass('show_menu');
+ main_nav_hide_flag = true;
+ if (scrollTop >=100)
+ {
+ main_nav_hide_timer = setTimeout("call_main_nav_hide()",5000);
+ }
+ });
+ $('.bc_dropdown a').each(function(){
+ if($(this).is(":hover"))
+ {
+ $(this).mouseenter();
+ }
+ });
+$('#bc_drop_tab a').hover(function (e) {
+ e.preventDefault()
+ $(this).tab('show')
+ bLazy.revalidate();
+});
+
+ $('#more_dd').click(function (e) {
+ e.preventDefault()
+ });
+
+ $('.bc_goto_top a').click(function(){
+ $("html, body").animate({ scrollTop: 0 }, 600);
+ return false;
+ });
+ jQuery('.bc_login_btn').on('click', function() {
+ jQuery('.bc_popup').fadeIn("slow");
+ $('#ips_username').focus();
+ });
+ jQuery('.bc_popup_close').on('click', function() {
+ jQuery('.bc_popup').fadeOut("slow");
+ });
+
+
+});
+
+$(document).mouseup(function (e)
+{
+ var container = $(".bc_login_form");
+
+ if (!container.is(e.target) // if the target of the click isn't the container...
+ && container.has(e.target).length === 0 && $('.bc_popup').css('display') =='block') // ... nor a descendant of the container
+ {
+ jQuery('.bc_popup').fadeOut("slow");
+ }
+});
+if($(window).width() < 767)
+{
+ $(".nav-menu").on('click','li', function(){
+ $(this).toggleClass('active').siblings().removeClass('active');
+
+ })
+}
+</script>
+<section class="cz-popup">
+<div class="cz-popup-wrapp">
+<a class="cz-popup-close" href="javascript:;" title="Close"> <i aria-hidden="true" title="Times reported" class="fa fa-times"></i> </a>
+<h4>Reporter</h4>
+<div class="cz-popup-inner-wrapp">
+<h6>Help us understand the problem. What is going on with this comment?</h6>
+<form>
+<input type="hidden" id="comment-id-report" value="0">
+<ul>
+<li>
+<label><input type="radio" name="comment-report-reason" value="Spam">Spam</label>
+</li>
+<li>
+<label><input type="radio" name="comment-report-reason" value="Abusive or Harmful">Abusive or Harmful</label>
+</li>
+<li>
+<label><input type="radio" name="comment-report-reason" value="Inappropriate content">Inappropriate content</label>
+</li>
+<li>
+<label><input type="radio" name="comment-report-reason" value="Strong language">Strong language</label>
+</li>
+<li>
+<label><input type="radio" name="comment-report-reason" value="Other">Other</label>
+</li>
+<li id="comment-report-other-reason-wrap" style="display:none;">
+<textarea aria-label="Enter other reason for reporting the comment" rows="2" cols="2" id="comment-report-other-reason"></textarea>
+</li>
+</ul>
+<p>Read our <a href="https://www.bleepingcomputer.com/posting-guidelines/">posting guidelinese</a> to learn what content is prohibited.</p>
+</form>
+</div>
+<div class="cz-popup-bottom-wrapp">
+<div class="cz-popup-report-submiting" style="display:none;">Submitting...</div>
+<a href="#" title="Submit" class="cz-next-btn comment-report-submit-btn">SUBMIT</a>
+</div>
+</div>
+</section>
+<noscript id="deferred-styles">
+
+<link rel="stylesheet" href="https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css" type="text/css" media="screen" />
+ <link href="https://www.bleepstatic.com/redesign/fontawesome6/css/fontawesome.min.css" rel="stylesheet" type="text/css" media="all">
+ <link href="https://www.bleepstatic.com/redesign/fontawesome6/css/brands.min.css" rel="stylesheet" type="text/css" media="all">
+ <link href="https://www.bleepstatic.com/redesign/fontawesome6/css/solid.min.css" rel="stylesheet" type="text/css" media="all">
+ </noscript>
+<script>
+ var loadDeferredStyles = function() {
+ var addStylesNode = document.getElementById("deferred-styles");
+ var replacement = document.createElement("div");
+ replacement.innerHTML = addStylesNode.textContent;
+ document.body.appendChild(replacement)
+ addStylesNode.parentElement.removeChild(addStylesNode);
+ };
+ var raf = requestAnimationFrame || mozRequestAnimationFrame ||
+ webkitRequestAnimationFrame || msRequestAnimationFrame;
+ if (raf) raf(function() { window.setTimeout(loadDeferredStyles, 0); });
+ else window.addEventListener('load', loadDeferredStyles);
+ </script>
+<script type="text/javascript" async src="//s9.addthis.com/js/300/addthis_widget.js#pubid=ra-561517d2c7f964d6&domready=1"></script>
+</body>
+</html>
+\ No newline at end of file