Security researchers have identified a vulnerability in GitHub’s comment file upload system that malicious actors are exploiting to spread malware. Here’s how it works: When a user uploads a file to a GitHub comment (even if the comment itself is never posted), a download link is automatically generated. This link includes the name of the repository and its owner, […] Read this story
