In early 2025, GitHub lit up with confusion and more than a little panic. Thousands of developers found suspicious issues posted in their public repositories, flagged with a GitHub-style “Security Alert: Unusual Access Attempt” warning. The problem? It wasn’t GitHub. It was an attacker masquerading as GitHub support, luring developers into authorizing a malicious OAuth app (gitsecurityapp) under the guise of incident response. No zero-day. No credential theft. Just OAuth abuse, at scale...
