Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service’s free repositories to deliver them to their targets via GitHub.io domains. This technique allows crooks to take advantage of the GitHub Pages service to bypass both whitelists and network defenses. GitHub took down all the accounts discovered to be involved in the malicious activity as of April 19, 2019, while also being “extremely responsive in addressing this abuse of their systems”” Researchers observed “”updates to indicators of compromise including shortened links
Source: security