GIGAZINE

Malware appears that uses GitHub notification emails to trick users into thinking they are from the security team

Ian Spence, an open source software (OSS) developer, reported in a blog post the existence of malware that exploits GitHub notification emails. GitHub Notification Emails Hijacked to Send Malware - ...
Techzine Europe

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign is currently targeting developers via GitHub. Attackers are exploiting the Discussions feature to spread fake security ...

GitHub developers targeted by fake VS Code alerts spreading malware

The 'Discussions' section is being manipulated into delivering malware to software devs.
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...