Apr 07, 2026 • Cisco Talos
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Executive Summary
Cisco Talos reports a rising trend where adversaries exploit Software-as-a-Service (SaaS) notification pipelines, specifically GitHub and Jira, to deliver phishing emails. This Platform-as-a-Proxy (PaaP) technique leverages legitimate infrastructure to bypass email authentication protocols like SPF, DKIM, and DMARC. Attackers embed malicious lures within commit messages or invitation logic, ensuring high delivery rates by appearing as trusted system notifications. The primary objective is credential harvesting and social engineering, serving as a precursor to further compromise. Approximately 2.89% of GitHub traffic showed signs of this abuse during peak activity. Organizations face significant risk as traditional security gateways often trust traffic from verified SaaS providers. Mitigation requires enhanced user awareness regarding unexpected notifications and implementing strict verification processes for requests originating from trusted platforms, alongside monitoring for anomalous SaaS activity.
Summary
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails.
Published Analysis
By Diana Brown

Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira, minimizing the likelihood that they will be blocked in transit to potential victims. By taking advantage of the built-in notification functionality available within these platforms, adversaries can more effectively circumvent email security and monitoring solutions and facilitate more effective delivery to potential victims.
In most cases, these campaigns have been associated with phishing and credential harvesting activity, which is often a precursor to additional attacks once credentials have been compromised and/or initial access has been achieved. During one campaign conducted on Feb. 17, 2026, approximately 2.89% of the emails observed being sent from GitHub were likely associated with this abuse activity.

Platform abuse, social engineering, and SaaS notification hijacking

Recent telemetry indicates an increase in threat actors leveraging the automated notification infrastructure of legitimate Software-as-a-Service (SaaS) platforms to facilitate social engineering campaigns. By embedding malicious lures within system-generated commit notifications, attackers bypass traditional reputation-based email security filters. This Platform-as-a-Proxy (PaaP) technique exploits the implicit trust organizations place in traffic originating from verified SaaS providers, effectively weaponizing legitimate infrastructure to bypass standard email authentication protocols. Talos' analysis explores how attackers abuse the notification pipelines of platforms like GitHub and Atlassian to facilitate credential harvesting and social engineering.

The PaaP model

The core of this campaign relies on the abuse of SaaS features to generate emails. Because the emails are dispatched from the platform's own infrastructure, they satisfy all standard authentication requirements (SPF, DKIM, and DMARC), effectively neutralizing the primary gatekeepers of modern email security. By decoupling the malicious intent from the technical infrastructure, attackers successfully deliver phishing content with a "seal of approval" that few security gateways are configured to challenge.

Anatomy of GitHub campaign: Abusing automated notification pipelines

The GitHub vector is a pure "notification pipeline" abuse mechanism. Attackers create repositories and push commits with payloads embedded in the commit messages.
The commit user interface has two text input fields. The first is a mandatory summary: a single, length-limited line in which the user provides a high-level overview of the change. Attackers weaponize this field to craft the initial social engineering hook, ensuring the malicious lure is the most prominent element of the resulting automated notification. The second is an optional extended description that allows multi-line, detailed explanations. Attackers abuse this field to place the primary scam content, such as fake billing details or fraudulent support numbers.

Figure 1: Email header
Figure 2: The body of the message

By pushing a commit, the attacker triggers an automatic email notification. GitHub’s system is configured to notify collaborators of repository activity. Because the content is generated by the platform’s own system, it avoids security flags. In this example, we can see the details of the commit followed by the scam message. The only mention of the subscription that produced the email is buried at the very bottom of the page.

Figure 3: List-Unsubscribe link

The chain of Received headers shows the message entering the system from “out-28[.]smtp[.]github[.]com”...
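As an added detection example (not from the Talos article), the following Python triages a constructed GitHub-style commit notification the way a mail-gateway rule might: it confirms that SPF, DKIM and DMARC all pass and that the message arrived via GitHub's SMTP infrastructure, as the article describes, and then flags the message only on signals that authentication cannot supply: a repository the organization never joined, plus billing and phone-number lures in the commit text. The sample headers, the repository allowlist and the lure patterns are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample of a GitHub-style commit notification (not a real capture;
# addresses, repository name, amount and phone number are placeholders).
LURE_SAMPLE = """\
Received: from out-28.smtp.github.com (out-28.smtp.github.com [192.0.2.28])
 by mx.example.org with ESMTPS; Tue, 17 Feb 2026 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=github.com;
 dkim=pass header.d=github.com; dmarc=pass header.from=github.com
From: attacker-repo <notifications@github.com>
To: victim@example.org
Subject: [attacker-repo/invoice] Subscription renewal charged - call support
List-Unsubscribe: <https://github.com/notifications/unsubscribe/EXAMPLE>
Content-Type: text/plain; charset=utf-8

Commit abc1234 in attacker-repo/invoice:
Your account has been billed $499.00. To cancel, call +1-555-0100 within 24 hours.
"""

# Assumed allowlist of repositories the organization actually collaborates on.
KNOWN_REPOS = {"example-org/platform", "example-org/infra"}

# Heuristics for the fake-billing / fraudulent-support-number lures the article describes.
LURE_PATTERNS = [
    r"\+?\d[\d() -]{8,}\d",                           # phone number
    r"\$\s?\d+(?:\.\d{2})?",                           # currency amount
    r"\b(?:billed|invoice|renewal|refund|support)\b",  # billing vocabulary
]

def analyze(raw: str) -> dict:
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    received = msg.get_all("Received") or []
    subject = msg.get("Subject", "")
    text = subject + "\n" + msg.get_payload()
    m = re.search(r"\[([\w.-]+/[\w.-]+)\]", subject)  # GitHub puts org/repo in the subject
    repo = m.group(1) if m else None
    hits = [p for p in LURE_PATTERNS if re.search(p, text, re.IGNORECASE)]
    result = {
        "auth_passed": all(f"{k}=pass" in auth for k in ("spf", "dkim", "dmarc")),
        "via_github": any("smtp.github.com" in r for r in received),
        "repo": repo,
        "known_repo": repo in KNOWN_REPOS,
        "lure_hits": len(hits),
    }
    # Authentication passing is expected here, so the verdict rests on the other signals.
    result["suspicious"] = result["via_github"] and not result["known_repo"] and len(hits) >= 2
    return result
```

Note that the verdict deliberately ignores auth_passed as a positive signal: in the PaaP model every such message passes, so the useful evidence is an unfamiliar repository combined with lure content.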