Vulnerability Management, Email security

GitHub accounts targeted in new phishing campaign

BleepingComputer reports that GitHub users are being targeted in an ongoing phishing campaign, which commenced last week, that spoofs the CircleCI continuous integration and delivery platform. Threat actors have been sending phishing emails that notify recipients of changes to the platform's user terms and privacy policy and advise them to sign in to their GitHub accounts, in an effort to exfiltrate GitHub account credentials and two-factor authentication codes. "While GitHub itself was not affected, the campaign has impacted many victim organizations," said GitHub, which added that all accounts with indications of fraudulent activity have already been suspended. Meanwhile, CircleCI has advised users that it would never ask for user credentials in order to view terms of service changes. "Any emails from CircleCI should only include links to circleci.com or its sub-domains. If you believe you or someone on your team may have accidentally clicked a link in this email, please immediately rotate your credentials for both GitHub and CircleCI, and audit your systems for any unauthorized activity," said CircleCI.
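CircleCI's rule that its emails only link to circleci.com or its sub-domains can be checked mechanically in a mail filter or triage script. The following is an added example, not code from CircleCI, GitHub or the original report; the function names and the sample message (including its `.example` hosts) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "circleci.com"  # the domain named in CircleCI's guidance

# Simple http(s) URL matcher for plain-text bodies (assumption: not HTML-aware).
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the URL's host is the trusted domain or a sub-domain of it."""
    try:
        host = urlsplit(url).hostname  # excludes any user@ part and the port
    except ValueError:
        return False
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Require an exact match or a dot boundary. A bare endswith(trusted) or a
    # substring test would accept hosts that merely contain the trusted name.
    return host == trusted or host.endswith("." + trusted)


def untrusted_links(body):
    """Return every link in the message body that fails the domain rule."""
    return [u for u in URL_RE.findall(body) if not host_is_trusted(u)]


# Constructed sample message; the non-CircleCI hosts use the reserved .example TLD.
SAMPLE_EMAIL = """\
Our Terms of Use and Privacy Policy have changed.
Read them here: https://circleci.com/terms
Review your settings: https://app.circleci.com/settings
Log in to accept: https://circleci.com.login.example/session
Or use this link: https://circleci.com@signin.example/
"""

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE_EMAIL):
        print("link outside circleci.com:", link)
```

The two flagged links are the ones where the trusted name appears as a host prefix or in the user-info part of the URL, which is why the check parses the host instead of searching the URL string.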
