Bleeping Computer

GitHub accounts stolen in ongoing phishing attacks

GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub's login page. Besides taking over their ...
Bleeping Computer

GitHub Service Abused by Attackers to Host Phishing Kits

Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service's free repositories to deliver them to their targets via github.io domains. This technique ...
Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
Dark Reading

'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

A threat actor known as "Stargazer Goblin" has found a new way to leverage GitHub to distribute malware and malicious links to unsuspecting users. Instead of hosting malware on GitHub and then luring ...