GitHub is investigating the Tweet published Wed, Aug. 3, 2022:
* No repositories were compromised
* Malicious code was posted to cloned repositories, not the repositories themselves
* The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts
@GitHubSecurity 22,484 forks and possible pull requests - and no one pulled the request. My trust in the competence of open source devs remains unshaken.
@GitHubSecurity You really need to get this account @verified
@GitHubSecurity @cyb3rops You guys should change the definition of “compromised”. Seems to be a popular thing lately.
@GitHubSecurity @Malwar3Ninja Fork request Friday and IRs for everyone… glad this was caught
@GitHubSecurity Way too noisy to be serious. Either a white hacker or a proof of concept against something that has happened before or might happen in the future.
@GitHubSecurity @stephenlacy Any stats on how many times those repos were downloaded?
@GitHubSecurity Forks}}} Request}}}}}}}}}}}}}}}}}}}}}}}}}}}}}merge