15 votes

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

1 comment

  1. lucg

    RepoJacking is an attack where a malicious actor registers a username and creates a repository used by an organization in the past but which has since changed its name.

    Doing so results in any project or code that relies on the dependencies of the attacked project fetching dependencies and code from the attacker-controlled repository, which could contain malware.

    14 votes
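A dependency audit for the condition described in the comment above, as an added example that is not part of the thread or the linked research: it flags dependency references that still point at a GitHub owner/repository name which is no longer the canonical one. The function names, the sample dependency list and the `SAMPLE_CANONICAL` map are constructed; in practice the map would be filled from what the hosting service currently reports for each name.

```python
import re

# Owner/repo part of common GitHub dependency references: https and git+https
# URLs, ssh form (git@github.com:owner/repo.git) and Go module paths.
_GITHUB_REF = re.compile(r"github\.com[/:]([A-Za-z0-9][A-Za-z0-9-]*)/([A-Za-z0-9._-]+)")


def parse_github_ref(ref):
    """Return (owner, repo) lower-cased, or None if ref does not point at GitHub."""
    m = _GITHUB_REF.search(ref)
    if not m:
        return None
    owner, repo = m.group(1), m.group(2)
    if repo.endswith(".git"):
        repo = repo[:-4]
    return owner.lower(), repo.lower()


def audit(dependencies, canonical_names):
    """Flag references whose owner/repo is not the current canonical name.

    canonical_names maps a referenced "owner/repo" to the name currently
    reported for it, or None when nothing exists under that name any more.
    """
    findings = []
    for ref in dependencies:
        parsed = parse_github_ref(ref)
        if parsed is None:
            continue  # not hosted on GitHub, out of scope for this check
        referenced = "/".join(parsed)
        if referenced not in canonical_names:
            findings.append((ref, "unresolved", None))  # never looked up
            continue
        current = canonical_names[referenced]
        if current is None:
            findings.append((ref, "missing", None))  # old name is unclaimed
        elif current.lower() != referenced:
            findings.append((ref, "renamed", current))  # pin to the new name
    return findings


# Constructed sample input (hypothetical names, not taken from the article).
SAMPLE_DEPENDENCIES = [
    "git+https://github.com/example-oldorg/libfoo.git#v1.4.0",
    "github.com/example-org/libbar/v2",
    "git@github.com:Example-Gone/libbaz.git",
    "https://gitlab.example/other/lib",
]
SAMPLE_CANONICAL = {
    "example-oldorg/libfoo": "example-neworg/libfoo",
    "example-org/libbar": "example-org/libbar",
    "example-gone/libbaz": None,
}
```

A "renamed" finding means the manifest should be updated to the current name rather than relying on the old one; a "missing" finding means the reference should be removed or replaced.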