Phishing campaign targets 12,000 GitHub repositories

bleepingcomputer.com — March 16, 2025 at 07:01 PM UTC

A phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues. Developers are tricked into authorizing a malicious OAuth app, giving attackers full control over their accounts and code. The fake alerts claim unusual login attempts from Reykjavik, Iceland. They prompt users to take security actions, but all links lead to a harmful app requesting risky permissions. GitHub is likely responding to the attack, as the number of targeted repositories fluctuates. Users who authorized the malicious app should revoke its access and check for suspicious activity in their accounts.

With a significance score of 3.5, this news ranks in the top 14% of today's 18087 analyzed articles.

Get summaries of news with significance over 5.5 (usually ~10 stories per week). Read by 9000 minimalists.

Phishing campaign targets 12,000 GitHub repositories

More on this topic:

More on this topic: