Faisal Misle @me
Follow

I’ve actually seen a few of these hit customer’s inboxes this week; and because GitHub is public by default, you can see the source code + any edits
——
Threat actors abuse GitHub service to host a variety of phishing kits proofpoint.com/us/threat-insig