Bleeping Computer

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. The ...
Bleeping Computer

GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds ...

These fake GitHub "security alerts" could actually let hackers hijack your account

Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying ...
Dark Reading

GitHub Repos Targeted in Cyber-Extortion Attacks

An unknown user going by the handle "Gitloker" is grabbing and wiping clean repositories on GitHub in an apparent effort to extort victims. The campaign, which a researcher at Chilean cybersecurity ...