Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity, and attacks often include both malware delivery and credential theft, sometimes in combined “dual threat” chains.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/04/the-growing-abuse-of-github-and-gitlab-in-phishing-campaigns/
