Hijacking Github Accounts Using Phishing Emails Kaspersky Official Blog Researchers uncover phishing using fake github alerts with altered headers, bypassing filters and stealing developer credentials. The campaign abuses github releases as a trusted malware delivery channel, using large trojanized archives and disposable accounts to repeatedly evade takedowns. beyond serving as a lure, the leaked source code itself introduces longer term risks including vulnerability discovery, prompt injection blueprinting, and agentic attack surface exposure.
Hijacking Github Accounts Using Phishing Emails Kaspersky Official Blog A new supply chain attack on github, dubbed 'ghostaction,' has compromised 3,325 secrets, including pypi, npm, dockerhub, github tokens, cloudflare, and aws keys. Cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits github notification emails to deliver stealthy malware to software developers. Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits github’s oauth2 device authorization flow to compromise developer accounts and steal authentication tokens. Overview on march 31, 2026, attackers hijacked the npm account of jasonsaayman, the primary maintainer of the axios javascript http client library. using stolen credentials, they published two.
Hijacking Github Accounts Using Phishing Emails Kaspersky Official Blog Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits github’s oauth2 device authorization flow to compromise developer accounts and steal authentication tokens. Overview on march 31, 2026, attackers hijacked the npm account of jasonsaayman, the primary maintainer of the axios javascript http client library. using stolen credentials, they published two. Cybersecurity researchers have uncovered a new phishing campaign that exploits github’s official notification system to deliver malicious links and credential stealing payloads. A new github oauth attack is tricking users with fake security alerts, hijacking accounts, and granting attackers persistent access to code repositories. learn how the attack works, why oauth remains a major security blind spot, and how vorlon helps security teams detect and respond to these threats before they escalate. On september 5, 2025, gitguardian discovered ghostaction, a massive supply chain attack affecting 327 github users across 817 repositories. attackers injected malicious workflows that exfiltrated 3,325 secrets, including pypi, npm, and dockerhub tokens via http post requests to a remote endpoint. Thousands of secrets such as pypi and aws keys, github tokens, and more, were stolen recently during a supply chain attack against github, dubbed ‘ghostaction’. the attack was spotted by.
Comments are closed.