Phishing Campaign Targets Github Users We use the pyfunceble testing tool to validate the status of all known phishing domains and provide stats to reveal how many unique domains used for phishing are still active. On september 16, github security learned that threat actors were targeting github users with a phishing campaign by impersonating circleci to harvest user credentials and two factor codes. while github itself was not affected, the campaign has impacted many victim organizations.
Github Alerts Users To Active Phishing Campaign It Pro A newly uncovered phishing campaign is actively targeting organizations in south korea by abusing github as a command and control (c2) server. Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits github’s oauth2 device authorization flow to compromise developer accounts and steal authentication tokens. Cybersecurity experts are sounding alarms over a sophisticated phishing tool called goissue, designed to execute large scale email phishing campaigns targeting github users. Cybersecurity researchers have uncovered a new phishing campaign that exploits github’s official notification system to deliver malicious links and credential stealing payloads.
Phishing With Github Cybersecurity experts are sounding alarms over a sophisticated phishing tool called goissue, designed to execute large scale email phishing campaigns targeting github users. Cybersecurity researchers have uncovered a new phishing campaign that exploits github’s official notification system to deliver malicious links and credential stealing payloads. Goissue is a new phishing tool that targets github developers with bulk emails, posing risks of data theft and project breaches. The campaign, identified on march 16, 2025, tries to trick developers into authorizing a malicious oauth application that grants attackers comprehensive control over victims' accounts and code repositories. This approach allows attackers to move beyond simple email scraping to execute complex, targeted campaigns against the github developer community. buyers are encouraged to contact the seller, cyberluffy, through private messages on the forum or via telegram. (credit: shutterstock) a phishing operation has compromised close to 12,000 github repositories by deploying fake “security alert” issues. this campaign deceives developers into granting authorisation to a rogue oauth application, allowing cybercriminals to seize complete control over their accounts and repositories, reported bleepingcomputer.
Phishing On Github A Sophisticated Attack Leveraging Brand Trust Goissue is a new phishing tool that targets github developers with bulk emails, posing risks of data theft and project breaches. The campaign, identified on march 16, 2025, tries to trick developers into authorizing a malicious oauth application that grants attackers comprehensive control over victims' accounts and code repositories. This approach allows attackers to move beyond simple email scraping to execute complex, targeted campaigns against the github developer community. buyers are encouraged to contact the seller, cyberluffy, through private messages on the forum or via telegram. (credit: shutterstock) a phishing operation has compromised close to 12,000 github repositories by deploying fake “security alert” issues. this campaign deceives developers into granting authorisation to a rogue oauth application, allowing cybercriminals to seize complete control over their accounts and repositories, reported bleepingcomputer.
Phishing On Github A Sophisticated Attack Leveraging Brand Trust This approach allows attackers to move beyond simple email scraping to execute complex, targeted campaigns against the github developer community. buyers are encouraged to contact the seller, cyberluffy, through private messages on the forum or via telegram. (credit: shutterstock) a phishing operation has compromised close to 12,000 github repositories by deploying fake “security alert” issues. this campaign deceives developers into granting authorisation to a rogue oauth application, allowing cybercriminals to seize complete control over their accounts and repositories, reported bleepingcomputer.
Comments are closed.