Multiple vulnerabilities have been discovered in Git’s credential retrieval protocol that could allow attackers to access user credentials. The flaws stem from improper handling of messages within Git’s credential protocol and affect tools such as GitHub Desktop, Git Credential Manager, and Git LFS. Successful exploitation can lead to credential exposure.
Cofense has released a report highlighting the increasing sophistication of phishing attacks that now spoof trusted email security companies, including Proofpoint, Mimecast, and Virtru. These attacks use fake attachments, phishing links, and credential-harvesting tactics to trick users into disclosing sensitive information, mimicking well-known brands to increase trust.