Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...
A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases. A single click on the wrong repository could have put a ...
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results