RSS

Supply chain attack alert: .github/setup.js

antihero3 pts0 comments

Our org GitHub just got compromised massively by a supply-chain attack. Vectors are* Claude hooks* Gemini hooks* Cursor setup* VScode tasksIt adds all of the above to execute node .github/setup.js, an obfuscated file.Check infected: `rg --hidden --no-ignore node .github/setup.js`It spreads by adding mimic d skip-ci commits to open PRs which then get merged.Payload is obfuscated, available on request.If this is already a known one in the world, apologies, it hit us at around 10PM BST last night, the damage would have been incredible.Still trying to identify the original source.

github setup supply chain attack hooks

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.