Github Repositories Bombarded by Info-Stealing Commits Masked as Dependabot
The attack involves creating fake commit messages titled “fix” to introduce malware that extracts secrets from targeted repositories and steals passwords from web-form submissions.