cross-posted from: https://sopuli.xyz/post/9771976
GitHub besieged by millions of malicious repositories in ongoing attack
cross-posted from: https://sopuli.xyz/post/9771976
GitHub besieged by millions of malicious repositories in ongoing attack
But… why?
To try and take over other people’s ci/cd pipelines and inject malware into otherwise legitimate application binaries.
LastPass hack happened due to a developer logging I. On their home PV which had an outdated and vulnerable version of Plex installed. Swap outdated for “maliciously forked” and now attackers have legit code that can run for months before they use what they’ve injected to take over.
That would be silly, it would only go to accounts that aren’t theirs.