Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.
"Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device," reads the GitHub phishing issue.
