Researchers find thousands of repos on GitHub offering fake proof-of-concept exploits for various vulnerabilities, with many of them containing malware instead (Bill Toulas/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
Dropbox says hackers stole code and some API keys from 130 GitHub repositories via a phishing campaign, but its core apps and infrastructure were unaffected  —  Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub …

Bill Toulas / BleepingComputer:
Symantec details an ongoing campaign by the Witchetty hacking group, potentially tied to a China-backed threat actor, that hides malware in a Windows logo image  —  Security researchers have discovered a malicious campaign by the ‘Witchetty’ hacking group, which uses steganography to hide a backdoor malware in a Windows logo.

Bill Toulas / BleepingComputer:
McAfee researchers found 16 clicker apps with adware in Google Play with 20M+ downloads in total; Google removed the apps after McAfee reported them  —  Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android.

Hoakley / The Eclectic Light Company:
Apple quietly updates macOS malware protections to scan more frequently, bringing the OS malware protection on par with many commercial anti-malware products  —  In the last six months macOS malware protection has changed more than it did over the previous seven years.

Bill Toulas / BleepingComputer:
Lookout: almost 50% of Android phones used by US state and local government staff run outdated versions of the OS, exposing them to hundreds of vulnerabilities  —  According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees …

Eduard Kovacs / SecurityWeek:
Pwn2Own Toronto 2022: participants earned a total of $400K for new exploits targeting Samsung Galaxy S22, printers, routers, and NAS devices on the first day  —  On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.