GitHub notification phishing campaign impersonating Y Combinator W2026
Campaign
Summary
A phishing campaign abused GitHub notifications to push fake Y Combinator W2026 invitations to developers through multiple repositories, creating a live risk of wallet theft. The legitimate-looking alerts drove clicks to a misspelled YC domain, where obfuscated JavaScript tried to trick recipients into signing malicious transactions. Reports to GitHub, IC3, and Google Safe Browsing led to removal of the fraudulent repositories, but the extent of losses remains unclear.
Related Happenings
Megalodon GitHub CI/CD supply-chain campaign
Campaign
First: 22.05.2026 14:55
Last: 22.05.2026 14:55
Sources 1
About this happening:
The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub hit by network compromise
Incident
First: 20.05.2026 07:01
Last: 20.05.2026 07:01
Sources 1
About this happening:
GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
Latest development: 20.05.2026 13:45
GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.
Rwl.angular-console (Nx Console) hit by network compromise
Incident
First: 19.05.2026 10:49
Last: 19.05.2026 10:49
Sources 1
About this happening:
The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Actions-cool/issues-helper hit by network compromise
Incident
First: 19.05.2026 08:28
Last: 19.05.2026 08:28
Sources 1
About this happening:
The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....
Timeline
- 24.09.2025 15:37 · 2 articles · 8mo ago
GitHub notification phishing campaign targets Y Combinator W2026 applicants
Initial Disclosure
A phishing campaign abused GitHub’s notification system to send fake Y Combinator W2026 invitations to targeted GitHub users by creating issues across multiple repositories and tagging account names so the alerts appeared legitimate. The lure pointed to a misspelled YC domain and a page with obfuscated JavaScript that prompted wallet verification and could authorize malicious transactions that drain crypto assets. Community reports to GitHub, IC3, and Google Safe Browsing led to removal of the fraudulent repositories, while some repositories saw as many as 500 issues from a new account and around 30 targeted users were identified.
Sources
- GitHub notifications abused to impersonate Y Combinator for crypto theft — www.bleepingcomputer.com — 24.09.2025 15:37