Gitloker attacks abuse GitHub notifications to push malicious oAuth apps

June 10, 2024 at 06:25PM Threat actors are impersonating GitHub’s teams in phishing attacks, aiming to hijack repositories using malicious OAuth apps. These attackers have been targeting developers with fake job offers or security alerts via phishing emails and redirecting them to fake GitHub landing pages, leading to compromised accounts and wiped repositories. GitHub advises … Read more