A newly discovered phishing scam targeting users of the U.S. Department of the Treasury's Electronic Federal Tax Payment System (EFTPS), a free tax payment service, is making its way into inboxes, according to researchers at McAfee. The messages, which contain the subject line: "Your EFTPS Tax Payment ID has been rejected," claim that the recipient's tax payment did not go through because of an invalid ID number. The messages direct users to a fake website for additional information. Researchers discovered a set of spoofed websites used in the attack that were created on Sept. 12. Users should disregard such messages, researchers said. — AM
Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from GitHub's free automated dependency management tool Dependabot in a bid to facilitate malicious code injections and exfiltrate sensitive project data exfiltration, reports SecurityWeek.