GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say (opens in new tab)

Alexander Martin reports: GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide. The reports, submitted by threat intelligence group Deep Specter Research through GitHub’s bug disclosure channel on HackerOne, were both closed… Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills...