Introducing: GitHub Device Code Phishing

What if all it took to compromise a GitHub organization–and thus, the organization’s supply chain–was an eight-digit code and a phone call? Introducing: GitHub Device Code Phishing. While security teams have been battling Azure Active Directory device code phishing attacks for years, threat actors have overlooked GitHub’s OAuth2 device flow as an attack vector. At […]