"Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack"

A new study reveals that millions of software repositories on GitHub are likely vulnerable to an attack called "RepoJacking." According to a report recently released by the cloud-native security firm Aqua, the affected repositories include ones belonging to companies such as Google and Lyft. The supply chain vulnerability, also known as dependency repository hijacking, lets malicious actors take control of retired usernames and publish trojanized repositories that execute malicious code. When a repository owner changes their username, GitHub creates a redirect from the old name to the new one, so anyone who downloads dependencies from the old repository location is still served the renamed repository, according to researchers Ilay Goldman and Yakir Kadkoh. However, anyone can register the old username, which breaks that redirect. This article continues to discuss the vulnerability of millions of software repositories on GitHub to RepoJacking.
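The practical defensive check that follows from the mechanism above is to find every dependency that still references an old GitHub owner name and is being served only through a rename redirect, since that old name is the one an attacker could re-register. The script below is an added example, not code from Aqua, The Hacker News, or GitHub. It parses GitHub references out of dependency lines, asks a resolver where each repository actually lives now, and flags references that rely on a redirect or point at a repository that no longer exists. The dependency lines, the `FAKE_REDIRECTS` table and the `fake_resolve` function are constructed test data; `http_resolve` is an assumed helper that performs the same lookup against the live site and needs network access.

```python
"""Audit dependency references for RepoJacking exposure.

Added example. A reference is exposed when the owner named in the
dependency differs from the owner GitHub finally serves (a rename
redirect), or when the repository is gone entirely.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Matches github.com/<owner>/<repo> in go.mod lines, git+https URLs, SSH
# remotes and similar, with an optional .git suffix and trailing version.
GITHUB_RE = re.compile(
    r"github\.com[/:]([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+?)(?:\.git)?(?=[/\s@#]|$)"
)

# A resolver returns the (owner, repo) GitHub finally serves after following
# redirects, or None when the repository does not exist.
Resolver = Callable[[str, str], Optional[Tuple[str, str]]]


def parse_github_ref(dep: str) -> Optional[Tuple[str, str]]:
    """Extract (owner, repo) from a dependency line, or None if not GitHub."""
    m = GITHUB_RE.search(dep)
    if m is None:
        return None
    return m.group(1), m.group(2)


def audit(deps: List[str], resolve: Resolver) -> Dict[str, str]:
    """Return {dependency_line: finding} for every exposed GitHub reference."""
    findings: Dict[str, str] = {}
    for dep in deps:
        ref = parse_github_ref(dep)
        if ref is None:
            continue  # not a GitHub reference; out of scope for this check
        owner, repo = ref
        final = resolve(owner, repo)
        if final is None:
            # Repository is gone: the name is free for anyone to claim.
            findings[dep] = "missing"
        elif final[0].lower() != owner.lower():
            # Served only via a rename redirect: the old owner name in the
            # dependency is what an attacker would re-register.
            findings[dep] = f"redirected to {final[0]}/{final[1]}"
    return findings


def http_resolve(owner: str, repo: str, timeout: float = 10.0) -> Optional[Tuple[str, str]]:
    """Assumed live resolver: follow GitHub's redirects with a HEAD request.

    Requires network access; urllib follows HTTP redirects automatically and
    geturl() reports the final location.
    """
    import urllib.error
    import urllib.request

    req = urllib.request.Request(f"https://github.com/{owner}/{repo}", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_github_ref(resp.geturl())
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


# Constructed redirect table standing in for GitHub's responses (not real data):
# oldorg renamed to neworg, acme is unchanged, gone/pkg no longer exists.
FAKE_REDIRECTS = {
    ("oldorg", "lib"): ("neworg", "lib"),
    ("acme", "tool"): ("acme", "tool"),
}


def fake_resolve(owner: str, repo: str) -> Optional[Tuple[str, str]]:
    return FAKE_REDIRECTS.get((owner.lower(), repo.lower()))


# Constructed dependency lines in go.mod, package.json and pip styles.
SAMPLE_DEPS = [
    "github.com/oldorg/lib v1.2.3",
    "git+https://github.com/acme/tool.git",
    "git+https://github.com/gone/pkg.git@v1",
    "https://example.com/foo",
]

if __name__ == "__main__":
    for dep, finding in audit(SAMPLE_DEPS, fake_resolve).items():
        print(f"{finding:28} {dep}")
```

The redirect-based finding is the one to act on: update the dependency to the current owner name so the build no longer depends on a redirect that anyone can sever. To run the audit against real repositories, pass `http_resolve` in place of `fake_resolve`, and note that the `HEAD` request to an unauthenticated endpoint is rate limited by GitHub.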

THN reports "Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack"
