Are scams-via-GitHub-issues the new phishing meta? Second novel phishing attempt I've seen across my 250+ repos... github.com/geerlingguy/... - ThreadSky

jeffgeerling.com • 5 days ago

Are scams-via-GitHub-issues the new phishing meta? Second novel phishing attempt I've seen across my 250+ repos... https://github.com/geerlingguy/3d-printing/issues/17

Comments

woovie.net•5 days ago

GitHub moderation is an absolute mess in general. Zero surprise this type of scheme is taking off.

fry69.dev•5 days ago

Microsoft has a history with scams/phishing/etc not getting under control...

ohaiibuzzle.dev•5 days ago

Remind me of IE and its toolbars

nicejs.codersquack.nl•5 days ago

i've seen one of a someone/bot advertising "minecraft apk download" on a completely unrelated repo a while ago

tbh i'm not sure why there are scammers doing this

georggi.bsky.social•5 days ago

Well, people are unlikely to click this in issues themselves. Seems more likely to be intended for email notifications of new issues.

thenerdman.bsky.social•5 days ago

I wonder if githubs new MCP is allowing bad actors to use agents to come out with more crap like this

darkcisum.bsky.social•5 days ago

Saw it on some repo as well. Reported the user. GitHub Support already took action.
Unfortunately, since this is IMHO mostly "attacks" people who have email notifications turn on, the "damage" will already have been done.

Hopefully it's not some research paper thing... 🙄

rachelbc.bsky.social•5 days ago

Link 404s 👀

dfx4509b.bsky.social•5 days ago

Might be a good idea to migrate to something like Forgejo or even Gitlab if Github becomes a scam hub.

mrpowershell.bsky.social•5 days ago

Short answer : yes.

This social engineering vector is all the rage right now (and a big way supply chain attacks occur ).

totallynotseth.dev•5 days ago

Vibe coders won't stand a chance

alexjs.dev•5 days ago

This is why I'm terrified of making an app with text boxes. Moderation is hard and you can't responsibly ignore it

paolobarbolini.bsky.social•5 days ago

This time the reaction seems to have been a bit faster:

- last issue opened 2 hours ago
- Render hoster site already blocked
- they've stopped at 5.5k issues (less than half than the previous time)

shadysomething.bsky.social•5 days ago

Hear me out… It’s owned by Microsoft…

justbemustafa.bsky.social•5 days ago

wtf lol

fry69.dev•5 days ago

During a wave of spamming obvious exploits via GitHub issues, I reported several of them and even got a response from the security team (after a few hours).

But the issue with the exploit were not removed for days (stopped tracking after a week or so).

GitHub is becoming the Windows XP in security

Comments

Posting Rules

Reply