Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
HealthcareInfoSecurity

GitHub Copilot Chat Flaw Let Private Code Leak Via Images

A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding ...

GitHub Copilot Chat turns blabbermouth with crafty prompt injection attack

Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick ...