Fraudulent Dependabot commits leveraged for malicious code injection

Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from Dependabot, GitHub's free automated dependency management tool, in a bid to facilitate malicious code injections and exfiltrate sensitive project data, reports SecurityWeek.

Article Link: Fraudulent Dependabot commits leveraged for malicious code injection | SC Media