CSOonline

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...
Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...

How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain.
Infosecurity-magazine.com

Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign

A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account, Salesloft has revealed. The sales engagement firm said in ...