bc1q3909urygy90qhytu32344ws0t5vy085y0h7xc8 0x71faaDcAF2538e7346885F772FBAcb88740059A8 49PeCUfdgmG1ZMAzUxz2WFWiRDbDrycrJ8qYVfxBq6HWCHjk7uncaoESm7CRF5DtxcFgStuvyvcfUD3p4xU33F8dPep53MP 4 analyses tagged github, sorted newest first.
An attacker hijacked a Pythagora co-founder's GitHub account, force-pushed a Shai-Hulud credential-stealer to gpt-pilot's main branch, and lost the payload twice to ruff lint failures before any public downstream execution was shown.
On June 5, 2026, the official Azure/durabletask GitHub repository was compromised. Threat actors pushed a backdated commit ('Switched DataConverter to OrchestrationContext [skip ci]') that added a malicious tasks.json and configuration files targeting AI coding tools to execute credential-stealing payloads.
Snyk and OX tracked mouse5212-super-formatter as a malicious npm package published on 2026-05-26 and removed on 2026-05-27. The package should be treated as credential theft risk for AI-assisted workspaces, Claude/Cursor context files, GitHub tokens, npm tokens, and build logs.
A campaign inserted malicious package.json postinstall hooks into Packagist-linked GitHub repositories, causing npm install workflows to download and execute a GitHub Releases binary as /tmp/.sshd.