BleepingComputer reports that GitHub users are being targeted in an ongoing phishing campaign, which commenced last week, spoofing the CircleCI continuous integration and delivery platform.
"While GitHub itself was not affected, the campaign has impacted many victim organizations," said GitHub, which added that all accounts with indications of fraudulent activity have already been suspended.
Meanwhile, CircleCI has advised users that it would never seek user credentials to view terms of service changes. "Any emails from CircleCI should only include links to circleci.com or its sub-domains. If you believe you or someone on your team may have accidentally clicked a link in this email, please immediately rotate your credentials for both GitHub and CircleCI, and audit your systems for any unauthorized activity," said CircleCI.
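CircleCI's rule that its emails link only to circleci.com or its sub-domains can be checked mechanically on a reported message. The following is an added example, not code from CircleCI, GitHub or the original report; the function names are hypothetical, and the sample message and every URL in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "circleci.com"  # the domain named in CircleCI's advice above

# Constructed sample message; all URLs are made up (".example" is a reserved TLD).
SAMPLE_EMAIL = """\
Your CircleCI session has expired. Review the updated terms:
https://circleci.com/terms-of-service/
https://app.circleci.com/settings/user
https://circleci.com.login.example/authorize
https://circleci.com@phish.example/login
https://circleci-com.example/terms
http://CIRCLECI.COM./docs
"""

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def is_trusted_host(host, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a true sub-domain of it."""
    if not host:
        return False
    host = host.rstrip(".").lower()  # normalise case and a trailing root dot
    # Matching on ".circleci.com" rejects look-alikes such as
    # "notcircleci.com" and "circleci.com.login.example".
    return host == trusted or host.endswith("." + trusted)


def untrusted_links(body, trusted=TRUSTED_DOMAIN):
    """Return every URL in the body whose real host is outside the trusted domain."""
    flagged = []
    for url in URL_RE.findall(body):
        try:
            # .hostname drops any "user@" prefix, so "circleci.com@phish.example"
            # resolves to its actual host, "phish.example".
            host = urlsplit(url).hostname
        except ValueError:
            host = None  # an unparseable URL is treated as untrusted
        if not is_trusted_host(host, trusted):
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in untrusted_links(SAMPLE_EMAIL):
        print("link outside circleci.com:", url)
```

The check covers only URLs visible in the text body; for HTML mail, the `href` values need to be extracted and passed through the same host test.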