A malicious GitHub user opens a new “issue” on an open source repository falsely claiming that the project contains a “security vulnerability” and urges others to visit a counterfeit “GitHub Scanner” domain. The domain in question, however, is not associated with GitHub and tricks users into installing Windows malware.
It’s really not that clever.
Juries are older than computing.