Back to realdominikofficial's feed

Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter (opens in new tab)  🎨Color Grading  Content type: Blog  5 articles covering this post

stepsecurity.io··Hacker News·Covered by bleepingcomputer.com + 4 more·Open original (opens in new tab)

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint violations in the malicious code and blocked the CI build -- twice. The attacker gave up.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Cited by 5 articles

GitHub disables Microsoft repos pushing password-stealing malware

bleepingcomputer.com··Hacker News

This Week in Security: Microsoft on Microsoft, Register Your Domains, Linux on ARM, and FreeBSD Joins the File Cache Club

hackaday.com·

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

thehackernews.com·
View all 5 ›

Keyboard Shortcuts

Navigation

Next / previous item
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Browse
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help