cm0002@lemy.lol to Python@programming.dev · 2 months agoHackers Hijacked a GitHub Actions Workflow to Push Malicious Code to PyPIitsfoss.comexternal-linkmessage-square2linkfedilinkarrow-up132arrow-down11
arrow-up131arrow-down1external-linkHackers Hijacked a GitHub Actions Workflow to Push Malicious Code to PyPIitsfoss.comcm0002@lemy.lol to Python@programming.dev · 2 months agomessage-square2linkfedilink
minus-squareGamma@beehaw.orglinkfedilinkEnglisharrow-up5·2 months ago [The action] was set up in a way where text from a PR comment could be passed directly into a shell command, so whatever the comment said, the runner would execute it. Oh, lol
Oh, lol