These fake GitHub "security alerts" could actually let hackers hijack your account
Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying users of suspicious logins The links in the notification all point to a ...
CSO Online7d
GitHub accounts targeted with fake security alerts
In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to ...
The Hacker News22h
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking ...
Fake security warning: Fraudsters try to hijack Github accounts
Security researchers have reported attempted attacks on around 12,000 Github repositories. Attackers want to gain full ...
GitHub supply chain attack spills secrets from 23,000 projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
The Hacker News11d
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
(CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.
SecurityWeek3d
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
InfoWorld6d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.