I’m curious exactly what happened here. The 404media article isn’t detailed enough to be sure. My guess is the PR took advantage of some code injection possibilities in the GitHub Actions on the repo to grant the attacker admin access. But that’s a wild guess.
5 comments
[ 4.2 ms ] story [ 24.8 ms ] threadAnother article came out earlier about dataloss from some vibecoding project and an automated snapshot setup would have mitigated this very issue.