{
  "title": "Pythagora gpt-pilot GitHub Compromise",
  "summary": "An attacker hijacked a Pythagora co-founder's GitHub account, force-pushed a Shai-Hulud credential-stealer to gpt-pilot's main branch, and lost the payload twice to ruff lint failures before any public downstream execution was shown.",
  "date": "2026-06-17",
  "severity": "critical",
  "tags": [
    "github",
    "ci-cd",
    "supply-chain",
    "credential-theft",
    "shai-hulud",
    "python"
  ],
  "sources_count": 2,
  "indicators": {
    "slug": "pythagora-gpt-pilot-github-compromise",
    "since": "2026-06-17T00:00:00Z",
    "until": "2026-06-17T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [
      "53154df1c66b42021f230c3fb6ef797c4b7c3e83",
      "90f59f5de6819a43ffe9b6272e3ed65aaadca804"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}