#github — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #github, aggregated by home.social.
-
GitHub Discloses Breach from Poisoned VS Code Extension
GitHub swiftly detected and contained a security breach that originated from a tainted Visual Studio Code extension, taking immediate action to remove the malicious version and isolate the affected endpoint. The breach appears to be limited to GitHub's internal repositories, with the company rotating critical secrets and conducting a thorough…
#Github #VisualStudioCode #SupplyChain #CodePoisoning #Breach
-
🚀 Fastest-growing AI projects today
1. Among these, GPT-Image2-Skill stands out as a dynamic tool for image generation and edi...
2. GPT-Image2-Skill an extensive gallery of prompts, libraries, and command-line interface...
3. With a high growth score of 56.00 and over 2,270 stars, it's clear that developers draw...
Full report → https://pullrepo.com/report/todays-code-assistant-fastest-growing-projects-may-21-2026
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
GitHub just confirmed a breach. TeamPCP exfiltrated ~3,800 internal repositories through a poisoned VS Code extension installed on one employee's device.
Customer repos were not affected. GitHub's own internal code was.
The irony worth noting: if GitHub's internal infrastructure were open source, stealing it would be pointless.
Open source isn't just a philosophy. It's a security posture. The value of stolen code depends entirely on it being secret.
#OpenSource #FOSS #Security #GitHub #Decentraliztion
-
🍏🔍 Oh, joy! Another tech enthusiast bravely pries open Apple's tightly-sealed vault of video wallpapers, only to slap a generic #GitHub link on it and call it a day. 🚀💻 Because nothing screams #innovation like reinventing the screensaver, but this time with a trendy "reverse-engineered" twist! 🤦♂️
https://github.com/kageroumado/phosphene #AppleTech #ReverseEngineering #VideoWallpapers #HackerNews #ngated
-
Latest PyPI Compromise
A supply chain attack targeting the Microsoft DurableTask Python client compromised versions 1.4.1, 1.4.2, and 1.4.3 on PyPI. The threat actor gained access through a compromised GitHub account previously linked to attacks, using stolen credentials to dump GitHub secrets containing PyPI tokens. The evolved payload targets Linux systems, stealing credentials from AWS, Azure, GCP, Kubernetes, Vault, and password managers like Bitwarden and 1Password. It propagates via AWS SSM and Kubernetes lateral movement, limited to 5 targets per infected host. The payload scrapes shell history, brute-forces password managers, and establishes persistence through infection markers. Compromised packages were quarantined following analysis.
Pulse ID: 6a0ce3b0ad791179648c47b0
Pulse Link: https://otx.alienvault.com/pulse/6a0ce3b0ad791179648c47b0
Pulse Author: AlienVault
Created: 2026-05-19 22:26:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #Azure #BruteForce #CyberSecurity #GitHub #InfoSec #Linux #Microsoft #OTX #OpenThreatExchange #Password #PyPI #Python #RCE #SupplyChain #Word #bot #AlienVault
-
🚀 Fastest-growing AI projects today
1. One standout repository this week `nexu-io/open-design`, which has seen remarkable growth...
2. `nexu-io/open-design` a local-first open replica of Anthropic's Claude Design, offering...
3. Its high Growth Score of 99.90 and an impressive 47,857 stars indicate that developers...
Full report → https://pullrepo.com/report/todays-ai-agent-fastest-growing-projects-may-21-2026
-
CISA Exposes Sensitive Data in Unsecured GitHub Repository
A shocking security lapse was uncovered when a GitGuardian researcher stumbled upon a public GitHub repository containing 844 MB of sensitive production infrastructure material from a national agency, left exposed for a staggering six months. This alarming data leak highlights the gravity of unsecured data, with expert Guillaume Valadon…
#SensitiveDataLeak #Cisa #Github #UnsecuredRepository #EmergingThreats
-
Deep – CLI/REPL for generating and iterating on codebases using DeepSeek
-
Show HN: CPU-only transcription for YouTube, TikTok, X, Instagram videos
-
GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories.