Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
GIGAZINE

Malware appears that uses GitHub notification emails to trick users into thinking they are from the security team

Ian Spence, an open source software (OSS) developer, reported in a blog post the existence of malware that exploits GitHub notification emails. GitHub Notification Emails Hijacked to Send Malware - ...
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...