News
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers ...
It added that most of those affected authorized Heroku or Travis CI OAuth apps in their GitHub accounts. Attacks were selective and attackers listed the private repositories of interest.
The attacker used stolen OAuth app tokens issued to Heroku and Travis-CI to breach GitHub.com customer accounts with authorized Heroku or Travis CI OAuth app integrations. GitHub's Chief Security ...
GitHub said Friday that five specific OAuth applications were affected — four versions of Heroku Dashboard, and Travis CI (IDs 145909, 628778, 313468, 363831 and 9261).
When users install the app, Waydev receives an OAuth token that it can use to access its customers' GitHub or GitLab projects. Waydev stores this token in its database and uses it on a daily basis ...
A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in GitHub.
GitHub Mobile 2FA will be available to all GitHub users in the App Store and Play Store this week. ... or OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub ...
Last week, GitHub Security researchers reported that an unknown attacker is using stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organizations’ private ...