Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.

“Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a

The Onboarding Password Mistake That Creates Unnecessary Risk

The Onboarding Password Mistake That Creates Unnecessary Risk Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a

Guardian Agents: The Next Layer of Identity Governance

Guardian Agents: The Next Layer of Identity Governance AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity