Researchers have uncovered a stealthy phishing technique that weaponizes GitHub’s own notification system to deliver credential-harvesting lures directly to developers’ inboxes completely bypassing multi-factor authentication (MFA) and traditional phishing defenses. Developers have emerged as a top-priority target for threat actors because of their privileged position in the software supply chain. As builders of the code […] The post Malicious OAuth Apps Turn GitHub Issue Notifications Into Phishing Lures appeared first on Cyber Security News.