<ul><li>Fake GitHub "security alerts" are being used in a new phishing campaign to trick unsuspecting users.</li><li>The campaign involves creating a GitHub account called "GitHub Notification" and sending fake security alerts to users.</li><li>The alert claims to be about suspicious activity and includes links to update password, manage sessions, and enable two-factor authentication.</li><li>However, the links lead to a GitHub authorization page for a malicious OAuth app that requests extensive permissions.</li></ul>

These fake GitHub "security alerts" could actually let hackers hijack your account

Discover more