<![CDATA[🦋 🚨 We’re seeing a widespread GitHub campaign using fake VS Code alerts + Google redirects to route developers to attacker infrastructure.]]>

We’re seeing a widespread GitHub campaign using fake VS Code alerts + Google redirects to route developers to attacker infrastructure.

The flow adapts based on cookies and fingerprints users before serving a second-stage attack. Not your average phishing link:

Widespread GitHub Campaign Uses Fake VS Code Security Alerts...

Widespread GitHub phishing campaign uses fake Visual Studio Code security alerts in Discussions to trick developers into visiting malicious website.

Socket (socket.dev)

https://bsky.app/profile/socket.dev/post/3mhvx4lgge22k

#Security

]]>https://board.circlewithadot.net/topic/5f27660c-dda5-4310-8506-9538c10828ea/we-re-seeing-a-widespread-github-campaign-using-fake-vs-code-alerts-google-redirects-to-route-developers-to-attacker-infrastructure.RSS for NodeThu, 09 Apr 2026 19:09:19 GMTTue, 31 Mar 2026 06:18:46 GMT60