Back to queenrose54's feed

Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter (opens in new tab)  🔸AWS

stepsecurity.io··Hacker News·Cited by 5 articles·Open original (opens in new tab)

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint violations in the malicious code and blocked the CI build -- twice. The attacker gave up.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Cited by 5 articles

This Week in Security: Microsoft on Microsoft, Register Your Domains, Linux on ARM, and FreeBSD Joins the File Cache Club

hackaday.com·

Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp

news.risky.biz·

GitHub disables Microsoft repos pushing password-stealing malware

bleepingcomputer.com··Hacker News
View all 5 ›

Keyboard Shortcuts

Navigation

Next / previous item
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Browse
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help