Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels

Cybercriminals are exploiting GitHub and Jira notification systems to deliver phishing emails, bypassing traditional security measures by using the platforms' own verified infrastructure. This tactic, termed Platform-as-a-Proxy (PaaP), leverages automated notifications for fake invoices or alerts to harvest user credentials.