Bleeping Computer

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. The ...
GIGAZINE

Malware appears that uses GitHub notification emails to trick users into thinking they are from the security team

Ian Spence, an open source software (OSS) developer, reported in a blog post the existence of malware that exploits GitHub notification emails. GitHub Notification Emails Hijacked to Send Malware - ...
Bleeping Computer

GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds ...

These fake GitHub "security alerts" could actually let hackers hijack your account

Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying ...
Dark Reading

GitHub Repos Targeted in Cyber-Extortion Attacks

An unknown user going by the handle "Gitloker" is grabbing and wiping clean repositories on GitHub in an apparent effort to extort victims. The campaign, which a researcher at Chilean cybersecurity ...