I got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.
My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.
The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.
hm-nah 260 days ago |
parent |
next [−] The Kaspersky article says the hackers were focused on crypto wallets, env vars, and ssh keys, but what about .azure/cache-tokens.json, .aws/creds, .gcp/creds, etc.?
palmfacehn 260 days ago |
parent |
next [−] And the worst toolchain+ecosystem award goes to...
hm-nah 259 days ago |
root |
parent |
next [−] …JavaScript or VS Code Extensions? (Or both)