Fake Security Alert Issues on GitHub Use OAuth App to Hijack Accounts

A vast phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth application that grants attackers full control over their accounts and code. This campaign uses fake security notifications to prompt users to click on a link leading to a phishing page. Once credentials are entered, attackers gain complete access to the victims' GitHub accounts.