re: bird site, GitHub hack 

@socketwench how's that single point of failure going? poorly? who could have known!?

re: bird site, GitHub hack 

@c0debabe The way it looks is that attackers impersonated reputable devs or even project maintainers, then submitted malicious PRs which were merged without strict review. Attacks go through the NPM layer, delivering malicious packages or running post-install scripts. Clever stuff.

re: bird site, GitHub hack 

@socketwench looks like GitHub is already on it 👀 I put it in a thread Reader for my own ease of reading and figured I'd share too...

threadreaderapp.com/thread/155
