Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...