Malicious actors are actively abusing the file upload logic in GitHubs comments to host and spread malware. The malware can be distributed via automatically generated download links that contain the name and owner of a repository used to create the URL. Ironically, in exactly this manner, Microsoft – the owner of the developer platform – was abused by hackers who created a false affiliation between the malware and the company. However, as Bleeping Computers investigation into the topic uncove
