Hackers have found yet another way to trick devs into downloading malware from GitHub

Threat actors have found a way to hide malicious files within legitimate repositories on GitHub and GitLab by embedding them in the comment section. This allows them to distribute malware undetected.