Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.

https://www.darkreading.com/application-security/supply-chain-attackers-escalate-with-github-dependabot-impersonation