GitHub fake VS Code alert spam campaign
Campaign
Summary
A coordinated GitHub Discussions spam campaign is posting fake Visual Studio Code security alerts to lure developers into malware downloads, reaching thousands of repositories and inboxes. The posts use urgent advisory language, fake CVE IDs, and impersonation of maintainers or researchers to look legitimate. Automated accounts also trigger notification emails to tagged users and followers, widening exposure beyond the repository page. The lure chain sends victims through Google Drive to drnatashachinn[.]com, where a JavaScript reconnaissance script profiles the target before any second stage is delivered.
Related Happenings
GemStuffer RubyGems data-exfiltration campaign
Campaign
First: 13.05.2026 11:08
Last: 13.05.2026 11:08
Sources 1
About this happening:
The **GemStuffer** campaign is abusing **RubyGems** as a data-exfiltration channel, with more than **150 gems** used to stage scraped content. It targeted public-facing **ModernGo...
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
SEO-poisoned GitHub facade campaign targeting enterprise admin tools
Campaign
First: 30.04.2026 14:30
Last: 30.04.2026 14:30
Sources 1
About this happening:
A **high-resilience SEO-poisoning campaign** is pushing **malicious MSI installers** through **dual-stage GitHub facades**, raising the risk that enterprise admins and security st...
Claude Code leak GitHub Vidar lure campaign
Campaign
First: 02.04.2026 23:30
Last: 02.04.2026 23:30
Sources 1
About this happening:
A **malicious GitHub repository campaign** is abusing the **Claude Code leak** to deliver **Vidar** to users searching for leaked code. The lure uses a **fake leak**, **search-eng...
TroyDen's Lure Factory GitHub Trojanized package campaign
Campaign
First: 24.03.2026 16:59
Last: 24.03.2026 16:59
Sources 1
About this happening:
The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...
Timeline
- 27.03.2026 18:51 · 2 articles
Fake VS Code alerts target GitHub developers
Initial Disclosure: Security researchers identified a large-scale GitHub Discussions spam campaign that impersonates maintainers or researchers and posts fake Visual Studio Code security alerts with urgent vulnerability-advisory language and fake CVE IDs, pushing developers toward external download links on Google Drive and a cookie-driven redirect chain to drnatashachinn[.]com that runs a JavaScript reconnaissance script.
Sources:
- Fake VS Code alerts on GitHub spread malware to developers — www.bleepingcomputer.com — 27.03.2026 18:51