It's also one of those things that warms your team up and gets them ready for actual work, a team that has to self host their git and other infra, like self-hosting DNS servers with bind, will have a much better work ethic than engineers who click buttons on a SaaS and conflate their role as users of a system instead of admins of one.
Additionally, using github actions, and relying on Pull Requests (Tm) (R) (C) has always been (useful) vendor lock in (and a security risk in case of GH Actions). It wasn't enough to lock down a choice, but it tilts the balance in favour of less dependencies, which with the increase of CVEs and supply chain vulns, seems to be the name of the game for this new era. Build it in house, ignore the dogma.
With this level of availability, would a company remain on the cloud?
"The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far."
I can understand the rationale, this feels lighter and not something that belongs on status.github.com or the blog. Maybe what's actually missing is an official channel for ephemeral stuff on a domain they own, somewhere between a status page and a tweet? Just sharing an observation.
Similarly, I could see ransomware groups hacking in and feeling bad for GH so they improve a few things to help them get to at least nine fives of uptime.
If I catch a burglar in my house, I will ask them what they are doing. If they respond with "I'm searching for money!", I'll suggest "Let's search together, and whatever we find, we split 50/50"
I ask because I don’t see anything posted on their official blog or status page.
This is going to create so much work and job security for software developers.
Large companies are going to have to adopt all kinds of policies and bureaucratic processes to protect themselves from supply chain attacks. It's going to increase the amount of engineering work, create new blockers, increase the on-boarding time for new tech talent. I suspect that software devs are going to get their jobs back with a thick, cushiony layer of bureaucracy on top.
Software developers are a bit like lawyers. As an aggregate, they have the capacity to create problems which translate directly into billable hours for themselves.
[1]: https://blog.codeberg.org/codeberg-launches-forgejo.html
The gap is smaller now.
I've been talking about package worms for... fuck, a decade. Insane. I've even thought about publishing one to prove a point but, well, it's illegal obviously. And ethically questionable.
Someone just vibecoded up what we've all known was possible for a long, long time. Just like a lot of other vibe coded projects.
I remember talking to a malware author a long time ago and I think this would have been exactly what he would have loved. He liked building custom C2 protocols, tiny malware, etc, but when we discussed a particular idea for owning massive amounts of infrastructure his response was basically "that's a lot of effort to get a Krebs article and FBI attention". Now it's not so much effort!
(People are not sleeping on this and it is not something people have failed to notice. I don't use LLMs at all and even I have noticed it - largely because there is approximately nobody that isn't talking about it.)
Or because there are more source code scanners which end up finding more vulnerabilities?
Now the market share is all the AI agent users.
There is no security risk that you could use to convince me that “devs should only have access to code they need to modify”.
It’s a simple rule from a simpler time, to limit the risk of total compromise.
I think it’s actually non-trivial to determine how many repos you should have read-only access to. I frequently hop through multiple repos that I don’t contribute to, just to understand how the system is architected and what it does at different stages. We even have an internal Claude skill for finding relevant repo for a given problem which relies on personal gh access (via CLI). It _can_ be done more securely but those defaults built over many years will take time to change.
The real question is why github has 3800 internal repos.
Robot source code; satellite ground station hardware; satellite ground station software; visualization; satellite hardware; satellite software; nuttx + its submodules for 2 different projects; linux kernel fork; circuitpython fork; raspberry pico tools fork; embedded programming/debugging tools; my lecture notes; my automated grading tooling; etc etc etc. That's just me + ~35 students in classes.
Pretty easy to see how when you have scale you can get to a few thousand.
*assuming github dogfoods github
But did he clone all the repos into his machine? I doubt it. So, the hacker extracted all the 3800 repos using the employee's machine as a gateway? I doubt it as well, I'm sure they would have detected this huge amount of data much earlier than transferring all of it?
> The real question is why github has 3800 internal repos.
I guess they mean customer's private repos?
I can think of _one_ product that allows you to set up low-friction access management, and AFAIK most users of that product don't set it up that way.
Software engineers _should_ be able to request access to dev resources JIT during their day-to-day work, have that access auto-approve in >99% of cases, have it auto-expire if they don't actually use the resources, and have all of that be subject to anomaly detection/approval escalations and other auditing.
Instead in most orgs it's like fill out a form, get your manager (who's always in meetings) to approve and then wait some number of days for a human to click-ops your request. At best you can open a PR and have the changes applied in an hour or two.
You _should_ be able to get access to things pretty much immediately if you need them and they're not sensitive. Then we could deny by default without cratering productivity.
Tell them to make a better UX and they lose their minds in a huffy puff of fake crisis mode or get avoidant with stonewalling 'secret security stuff' that you can't hold them to account for. Or eat 50% of developer machine performance for "endpoint security" and the carnival of sadness goes on and on.
Signal is an example of security as a product that was actually designed with user UX in mind, to give one example.
I’ve ridden startups through the phase where they transition to “responsible adults”, and start putting in policies and locking things down and generally behaving like the giant corporations they expect to be one day (and that the locker downers came from and are used to).
You can feel the deceleration, like taking your foot off the gas on the freeway. I’ve sat through all hands meetings where the ceo asked why we don’t ship as fast anymore, and since by that time most of the fast moving folk have moved on, nobody has an explanation.
Social media posts were literally called "status updates" at some point.
This doesn't need to be X, BTW, but if everyone's gonna use X may as well meet people where they are.
Status is for availability.
I’m not saying it’s a good idea. I am saying it somehow became the single source of truth for the Internet with all that entails.
You're saying Twitter is famous for being famous, and looking down at someone who expresses dismay at this for being behind the times.
They announced this exclusively on X.com, which ranks barely above Pinterest in terms of usage. That's below Reddit, Snapchat, WeChat, and Instagram, and requires a user account to view profiles and posts. And that's ignoring all the reasons X is a divisive platform with an extreme political bent.
GitHub chose not to announce this on any other social media either (BlueSky, Facebook, TikTok, YouTube, LinkedIn, or Mastodon, as of this posting, and with no emails sent on the matter.)
Wherever they posted, there are at this time two articles on the Hacker News front page. Sounds like they have reached their audience.
I think that's panic mode from some decision maker (i.e. head of marketing or head of security).
Most individual permalinks (.com/username/1234...) don't work without logging in, either, and the official client now uses `/i/` in place of usernames for permalinks (bogus usernames always worked; pkey was the timestamp).
This means an organizationally shared Twitter account for announcements is not a viable concept, at least until Twitter is to be transferred again to whoever would be a better keeper of it.
For example: Twitter/X, along with Nitter mirrors like XCancel, are all blocked at the client I'm currently working with so although they can see this discussion, they're excluded from some of the most important details.
(Like many former twitter users, I don't have an X account these days so I'm guessing wouldn't be able to see the full original thread - glad of XCancel, that's for sure.)
Beyond that, Twitter is the de facto default dissemination vehicle, due to its reach. Even if people are not on Twitter, they are likely to see things from people that are on Twitter.
Not to mention Twitter is not an open platform anymore! (A) I'm an employee in an organization paying for Github. (B) I don't have a Twitter account. I already have a Github account because of (A). Why should (B) stop/delay me from getting official comms about this?
But yes, it's also possible the defenders have been kind of forced into having the slop machine shit out a huge pile of shit-ass changes, one way or another, that end up making the attackers' job even easier. (Even assuming no mechanisation at their end! Which is of course in nearly-June of 2026, probably unrealistic. And LLMs do appear to be really quite good at that side of the equation...)
I gave up and I'm now a happy "AI enthusiast" at my company, handing out AI slop reviews for AI slop PRs. Deep down, I don't care anymore, if that's what they want, that's what they'll get, and it's no longer my problem if stuff leaks through that brings down prod or worse. Oh, and I'm also in line for a promotion this coming quarter thanks to my newfound "velocity".
I tried that too, until I realized the people I was supposed to mentor take my comment, feed it to the LLM, and let it make the fix.
And in the meantime they learned nothing.
Zero number of...
Insignificant numbers of...
Not-significant numbers of...
Not-insignificant numbers of...
Significant numbers of...
Very significant numbers of...
Along with the other similar scales (roughly in order):
None of
One or two of
A couple of
A few of
Some of
Many of
Lots of
Most of
Almost all of
All of
I don't think so. It is even worse if a random developer has access to customers' private repos.
It doesn’t mean they are all masterpieces of elaborate production code.
So you'd need to authenticate for the VPN, which often has 2nd factor.
But I have no idea of how they are set up.
It'll frequently display tweets from literal years ago as being the latest.
It's why proxies/mirrors are often linked rather than Twitter itself.
They don't seem to care to fix it, which implies that it's intentional. Seems completely stupid but what do I know?
poor monk deserves an SSD, it's 2026 after all :(
Please try not to contradict my very words to make a point. That’s very Twitter-like of you.
Which is why I wouldn't want to normalize it being the kind of place where company announcements are made. IMO anyone who sees it as worrying is right, and I'm glad they're not desensitized.
Just because it's been going on for a decade doesn't make it any less crazy that Twitter has become a primary source of news.
I agree. Still, this is the state of things, and well outside my control.
I mean reasonable both times but you obviously understand why one might have changed their mind in recent years
I haven’t seen any suggestion in this thread. status.github.com fails many of these criteria.
It would be one thing if they could only use one channel. If they could only choose one, that would be email, which every GitHub user has.
They could use email, as well as status.github.com, their blog (which also has an RSS feed https://github.blog/feed/), and post it on their otherwise active BlueSky (which, unlike X, does not require an account to see their posts).
The main non-political issue with X is that those without an account (or who are unable to login) may not be able to access it, which isn't ideal for a backup communications channel. Best of both worlds is to set up mirroring where you post to bluesky and automatically post a copy to X.
It is unfortunate that they can’t post to multiple social media accounts so people can see this news on whatever platform(s) they use.
Wait, I just instituted usage quotas, you'll have to give me $8 and your credit card, too.
It's not "spam" if it is relevant to me, such as security incident disclosures.
Also, as tiffanyh pointed out, what's wrong with Github blog or is that exclusively for marketing fluff now? That would've been appropriate enough, without having to spend Sendgrid credits.
Github decided not to use email (which every Github customer has), their sites, or their otherwise active BlueSky.
There are plenty of reasons not to use X, but that's not what's in contention. X.com was the _only_ platform they shared this information on.
It bears repeating: Github decided not to use email, which every GitHub customer has, and Github chose not to use their sites, and GitHub chose not to use their otherwise active BlueSky.
GitHub confirms breach of 3,800 repos via malicious VSCode extension - https://news.ycombinator.com/item?id=48207660
Oof
3329:-rw-r--r-- 1 root root 62971493 May 18 22:52 spam-investigations.tar.gz
3330:-rw-r--r-- 1 root root 7915019 May 18 22:55 spamops.tar.gz
680:-rw-r--r-- 1 root root 306146 May 18 23:14 copilot-abuse-dashboard.tar.gz
681:-rw-r--r-- 1 root root 219637 May 18 23:03 copilot-abuse.tar.gz
2245:-rw-r--r-- 1 root root 55838 May 18 23:14 le-portal-go-admin.tar.gz
3820:-rw-r--r-- 1 root root 2204 May 19 04:25 secret-scanning-password-detection.tar.gz
2223:-rw-r--r-- 1 root root 36777 May 18 23:05 law-enforcement-front-door.tar.gz
2224:-rw-r--r-- 1 root root 56824 May 18 23:12 law-enforcement-portal-go.tar.gz
2225:-rw-r--r-- 1 root root 141825 May 18 23:12 law-enforcement-portal.tar.gz
see the full one @ hxxps://limewire[.]com/d/4HPnj#dbRR3wQb4u
"We are investigating unauthorized access" sounds much better than "we've been hacked"
For a Fortune 100, to go out of your way to spook investors is the least desirable approach.
The company that had 40 million Azure servers compromised? This is a drop in the bucket, the investors clearly do not care about this.
https://www.microsoft.com/en-us/security/blog/2026/05/18/sto...
I don't remember the exact wording about what qualifies as "incident" or "major incident" but the TL;DR is that the regulated entities are required to notify their regulators of impactful supplier incidents within 24h with initial information and within 72h with more complete details.
Which in turn means that Github will have signed contracts that bind them to accommodating timelines.
- set locally: `pnpm config set minimum-release-age 4320  # 3 days in minutes` (https://pnpm.io/supply-chain-security); for other package managers check: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...
- add Socket Free Firewall when installing npm packages on CI https://docs.socket.dev/docs/socket-firewall-free#github-act...
I guess it's hostile to signed in users in a different way.
“I’m sorry Dave, I can’t do that. This codebase has been identified as proprietary.”
It is. I've been using Codex to analyse repositories en masse for a project I'm working on now[0]. Codex, Claude (my usual weapon of choice), etc., make pretty short work of looking for all kinds of problems and antipatterns in large codebases.
[0] Before any wags chime in, no, I'm not the one who hacked Nx and exported 4000 internal GitHub repos. I'm talking about a legitimate client project for a reputable company!
via: news.ycombinator.com/item?id=48204312
https://github.com/nrwl/nx-console/security/advisories/GHSA-...
This isn't the first time their plugin has led to RCE...
That kind of thing might be a case to not publicly disclose..
All of their repos have been copied and are up for sale. Attackers are TeamPCP, the creators of the Shai-Hulud malware.
For consumer it's kind of already like this in a way, there are "verified" extension providers.
Overall, I think this is just going to lead to a lot more scrutiny. I'm sure one of the first things asked when this was discovered was how can it be prevented and I'm sure one of the first answers was get VsCode to lock down extensions. Enterprises love the easy answers.
upvote here: https://github.com/microsoft/vscode/issues/52116#issuecommen...
VsCode and other IDEs have basically no permission system (spoiler alert: Browser Extension permission system is also weak).
People like myself and many others have called this out over the years, but Micro$lop and others just didn't act at all - at least there's some irony in that they were hacked by way of their own unsecure permission architecture.
So if it has a "minimal" set of access, it has access to a Github key. That's enough.. to do this sort of damage.
It’s a swell experience, now, but, the “meme” comes directly from reality.
For a while the key was literally:
> This obfuscation is intended to discourage GitHub Enterprise customers from making modifications to the VM. We know this 'encryption' is easily broken.
Therefore one way to weaken these criminals would be to weaken this trust factor. In a way therefore comments like "can we actually believe they will really shred it" go towards this aim.
I have to wonder what criminal hacking gangs that do not operate on trust would do. Would it be like the replacement of organized crime (mafia) with the arguably wider damaging unorganized violent drug gangs?
More than likely they will just claim that the company paid the ransom and never release the code (or at least not immediately).
Even if there are knobs you can turn to disable auto updates, does that cover everything that decides to change your software behind your back?
edited: not "will", may depending on your GHA
Do that automatically for all code downloaded from the web and run outside a sandbox.
Maybe won't catch everything, but should catch most evil stuff, especially if a variety of models and prompts are used.
Why is the answer for Javascript developers "don't use leftpad" but for the AI crew it's "convert the source code to tokens and attempt to strip out the bad stuff without breaking the rest"?
You can set this to only allow plugins from Microsoft, which is a company most people trust and also owns Github.
Oh wait...
I don't even know what the plugin upgrade command is, and I don't plan to find out. Recommended.
Nothing is safe.
The only way I found out is because I run NixOS and it downloaded a dynamically linked binary that failed to start up and it spat out an error
No shade on Zed, sometimes in-house security tools just don't like new software.
Zed was super impressive when I first started it, but I don't know yet how it compares with PHP Storm.
Plus, it runs like shit on Linux.
Browser extensions have been a great playground for me.
b) You can have the LLM use separate sub agents for different files/ code.
c) You can have the LLM do analysis using grep and other deterministic tools ex: "use grep to find 'unsafe' calls"
It won't be the same experience at all, the debugging and deployment stuff will be strictly inferior and the jump to code might be less impressive.
Zed has LSP support though, so if you have a good LSP then you’ll get some nice IDE features, but they’re not really comparable.
2. We have a long history of using heuristic technologies to detect attacks. We can infer that other heuristic technologies can be combined in a successful manner.
3. Shortcomings of LLMs are directly addressed by removing attacker controlled information from the input, which I specifically called out (using tools like grep for pattern matching + using sub agents to isolate contexts). This has been demonstrated already in a number of ways - feeding the LLM derived facts instead of attacker controlled data is the well worn path to avoiding injection attacks.
I stopped reading after that.
I guess maybe you've learned a new word today? Hope so.
I'm sorry for Sophie.
Is Github keeping a list of Muslims in their platform?
That's horrifying
https://stackoverflow.com/questions/77090044/github-actions-...
https://www.praetorian.com/blog/pwn-request-hacking-microsof...
All you need is user content containing `backticked`, and a github action referencing that via eg "github.event.issue.title" where the shell would normally execute `backticked` as a command (like echo, cat, etc).
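The pattern described in the comment above, as an added example that is not part of the original thread: a small Python check that flags `${{ ... }}` expressions carrying issue, PR or comment text inside `run:` scripts, where the value is substituted into the script text before the shell runs it. The field list, the function name and the sample workflow are constructed for illustration, and the line-based parsing is a simplification, not a full YAML parser.

```python
import re

# Context fields whose value is written by whoever opens the issue/PR/comment.
# Non-exhaustive list chosen for this example (an assumption, not GitHub's full list).
UNTRUSTED = re.compile(
    r"github\.(?:head_ref|event\.(?:issue|pull_request|comment|review)"
    r"\.(?:title|body|head\.ref|head\.label))\b"
)
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")

# Constructed sample workflow: one vulnerable step, one hardened step,
# and one vulnerable single-line step.
SAMPLE = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable, title is pasted into the script text
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
      - name: hardened, title arrives as data in an environment variable
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
      - run: echo "${{ github.event.comment.body }}"
"""


def find_injectable_expressions(workflow_text):
    """Return (line_number, expression) for untrusted ${{ }} inside run: scripts."""
    findings = []
    run_indent = None  # column of the current block-scalar "run:" key, if any
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        m = RUN_KEY.match(line)
        if m:
            body = m.group(2)
            # "run: |" or "run: >" starts a multi-line script; otherwise inline.
            run_indent = line.index("run:") if body[:1] in ("|", ">") else None
            script = "" if run_indent is not None else body
        elif run_indent is not None:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= run_indent:
                run_indent = None  # dedent: the script block has ended
                continue
            script = line
        else:
            continue  # env:, with:, name: etc. are not shell script text
        for expr in EXPR.findall(script):
            if UNTRUSTED.search(expr):
                findings.append((number, expr.strip()))
    return findings


if __name__ == "__main__":
    for number, expr in find_injectable_expressions(SAMPLE):
        print(f"line {number}: untrusted '{expr}' expanded inside a run: script")
```

The hardened step is not flagged because the expression appears only under `env:`, so the shell receives the title as a variable's value instead of as script text.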
That sounds pretty specific.
No idea how that related to what I was told by the sec people shortly afterwards.