GitHub keeps removing malware-laced repositories, but thousands remain.
    • @surewhynotlemEnglish
      325 months ago

      To try and take over other people’s ci/cd pipelines and inject malware into otherwise legitimate application binaries.

    • phillaholicEnglish
      105 months ago

      LastPass hack happened due to a developer logging I. On their home PV which had an outdated and vulnerable version of Plex installed. Swap outdated for “maliciously forked” and now attackers have legit code that can run for months before they use what they’ve injected to take over.

    • Aatube
      25 months ago

      Why would somebody want to steal my login credentials‽‽

      • @AnUnusualRelicEnglish
        25 months ago

        That would be silly, it would only go to accounts that aren’t theirs.