GitPhish: Automating Enterprise GitHub Device Code Phishing
Two weeks ago, we published research on GitHub Device Code Phishing, a simple technique that can turn an eight-digit code and a phone call into a complete compromise of an organization’s GitHub repositories and software supply chain. While the concept is simple, executing these attacks often brings multiple layers of complexity, like building a convincing […]