Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service’s free repositories to deliver them to their targets via github.io domains. […]

from https://www.bleepingcomputer.com/news/security/github-service-abused-by-attackers-to-host-phishing-kits/