Bleeping Computer

GitHub accounts stolen in ongoing phishing attacks

GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub's login page. Besides taking over their ...
Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
Bleeping Computer

Hackers stealing GitHub accounts using fake CircleCI notifications

GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform. The ...
PC World

GitHub bans weak passwords after brute-force attack results in compromised accounts

Popular source code repository service GitHub has recently been hit by a brute-force password-guessing attack that successfully compromised some accounts. “We sent an email to users with compromised ...
Dark Reading

'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

A threat actor known as "Stargazer Goblin" has found a new way to leverage GitHub to distribute malware and malicious links to unsuspecting users. Instead of hosting malware on GitHub and then luring ...