Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. The ...
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Hosted on MSN
A single 'git push' could hijack millions of GitHub repositories — and nobody knew for weeks
Sometime in early 2026, a flaw hiding inside one of the most routine actions in software development went live on the world’s largest code-hosting platform. Every time a developer ran git push to send ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results