Malware Disguised as Microsoft Software Spread via GitHub/GitLab Flaw

April 23, 2024
  • Cybersecurity experts at McAfee have disclosed a vulnerability in GitHub and GitLab that is being exploited for malware distribution.

  • Malicious actors are using the 'comments' feature on these platforms to upload malware, producing download URLs that appear to belong to trusted companies such as Microsoft.

  • The exploit involves attaching files to comments; the files remain on the platform's CDN with live URLs even if the comment is never posted or is later deleted.

  • This issue represents a substantial security risk since most software firms rely on GitHub or GitLab for their projects.

  • Currently, there is no mechanism for organizations to control or purge files that have been attached to comments under their repositories on these platforms.

  • Attempts to reach GitHub, Microsoft, and GitLab for comments on this matter have not received responses.

Summary based on 2 sources

