Phishing attack through GitHub notification
I got a phishing email from a repo I never subscribed to https://github.com/ycombbiinator/-co
The email looks like so https://pasteboard.co/HYYB7qg0tv2M.png
And I could see I was subscribed to the "issue" https://pasteboard.co/zIj5fcaIhNYA.png > The best email address for anything like this is security@ycombinator.com https://news.ycombinator.com/item?id=45353095 "Discussion" (17 points, 4 hours ago, 17 comments) https://news.ycombinator.com/item?id=45352610 I haven't gotten a phishing email, but I permanently have `ycombbiinator/-co` in my GitHub Notifications list. It doesn't display any notifications, but I have the blue notification icon. It's so annoying. Here's a fix to remove the notification. Use the GitHub CLI (cli.github.com) to remove it. gh auth login gh api notifications //find the bad phishing notification that should be deleted gh api --method PATCH notifications/threads/(ID HERE) I am sure I never subscribed to this repo. However I came across https://github.blog/changelog/2025-04-14-sunset-notice-for-a... which possibly means one of the teams I had actually been a part of is the issue. I've gotten a few similar spam/phishing notifications from github recently too. It showed that my username was tagged in the issue (along with 10-20 others).