https://www.bleepingcomputer.com/news/security/millions-of-github-repos-likely-vulnerable-to-repojacking-researchers-say/

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.

The warning comes from AquaSec's security team, 'Nautilus,' who analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% of them to be vulnerable to RepoJacking.