A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new « issue » on an open source repository falsely claiming that the project contains a « security vulnerability. » […]
