Bleeping Computer

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...
InfoWorld

A wake-up call for identity security in devops

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service accounts, and third-party OAuth apps. Here’s how to address it. In early 2025, ...