Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases. A single click on the wrong repository could have put a ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results