Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
GitHub

Medowhill/crawl-github-repos

This script fetches public GitHub repositories matching language:C++, sorted by stars descending, and writes them to JSONL while handling GitHub search pagination, the 1000-result cap, and rate ...
GitHub

A self-hosted, security-hardened web fetch proxy for AI agents.

Safetch is a minimal, auditable, and secure HTTP fetch service designed for AI agents that need to retrieve and process web content safely. It solves the problem of untrusted web fetching by ...