![Ax_Sharma's tweet photo. A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.
The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip
But they are not. These ZIPs are #malware.
An attacker, while commenting on any GitHub commit/PR, can "attach" a file that gets assigned a URL slug containing the name of the repo where the comment was made. Even if the comment is never actually posted or later deleted by the attacker, the link to the file remains live!
And, the repo owner (Microsoft in this case) would have no knowledge of or control over such files.
Threat actors have been abusing this flaw to distribute malicious executables under the false pretense that these are coming from credible organizations' code repos.](https://pbs.twimg.com/media/GLniIaEW0AESezm.jpg)
Olivia
Online
TiTom
@TiTom73
Opinions expressed on Twitter are my own
127.0.0.1 in transit
Joined April 2011
812 Following
207 Followers
2.4K Posts
Souvenir d’une longue attente pour que tout s’aligne: couché de soleil, arbre graphique, et réveil pour la chasse. #photography #wildlife #uganda
Plus d’images: https://t.co/OsjvgDI9Qz
@ponceto91 @StephaneTrebel @Xavier75 Aussi sur Massy: Ça fait 1 an que Free infra a “mis aux normes” l’armoire optique de la résidence et depuis les clients Orange n’ont plus de fibre.
Finalement passage début septembre chez Free mais ça mouline pour un problème de “continuité “ pour votre logement.
#Prévention | Vous avez peut-être découvert dans vos boites aux lettres un courrier de l’assurance maladie vous invitant à scanner un QR code pour sécuriser vos comptes.
⚠️ Soyez attentifs : il s’agit d’une nouvelle arnaque.
Hélène vous explique ⬇️
What's up doc ?!
The beak is the main characteristic of the species, as it resembles a hoof. The shape of the beak appears, in fact, to be very well adapted to fishing in murky, shallow, and plant-cluttered waters.
#photography #nature #wildlife
More: https://t.co/Bg2oQfsgVP
🚨 Malicious package called "mkdocs-material" on npm.
Yesterday, a malicious package with the name "mkdocs-material" was released on npm. DO NOT INSTALL IT. We've reported it, and hope that @npmjs responds fast and deletes it quickly.
https://t.co/BK8ofGFmCx
Quant à Tris, non pas qu'elle chante, mais elle est la fondatrice de @Projet_Arcadie media français de salubrité publique consacré au Parlement. En ces temps politiques troublés, soutenir ces médias est important. Celui-ci ne vit que des dons.
https://t.co/WitL9YA7eQ
Been listening to the explosion of Mongolian Metal Bands over the last years.
This is THE HU.
They are amazing.
Get ready.
Italie 🇮🇹 - #Etna
🔸L'éruption de l'Etna depuis Lipari à 75km de distance. Ça donne une idée de la taille des jets de lave du volcan.
Une merveilleuse 📷 d'Emanuel Raffaele via @mondoterremoti
🅰️ Ansible + NetBox Tip: Rather than using Ansible to render your Jinja templates, have NetBox render them directly using its Config Template feature!
Here's an example of how to use Ansible to trigger NetBox to render the config and then save the configuration locally 👇
A thread on the passage of time
1. The Arctic, 100 years ago & today
A quick call can turn into a long fall from productivity. 😆
It is easy to install containerlab - a single command.
It is easy to deploy a lab - again, a single command.
Wouldn't it be nice also not to think about where to get the compute to run the lab on? This wish has just been granted 🤗
Let me introduce you to our latest development -- Containerlab in Codespaces
@opsmill_com Transforms Infrastructure Automation with Beta Release of Open Source Infrahub https://t.co/Q4OOeexxUY
Debugging code is like being a detective in a crime novel where you're pretty sure the murderer is yourself. Just leave it to the break points and copious amounts of coffee, they'll surely crack the case
A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.
The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip
But they are not. These ZIPs are #malware.
An attacker, while commenting on any GitHub commit/PR, can "attach" a file that gets assigned a URL slug containing the name of the repo where the comment was made. Even if the comment is never actually posted or later deleted by the attacker, the link to the file remains live!
And, the repo owner (Microsoft in this case) would have no knowledge of or control over such files.
Threat actors have been abusing this flaw to distribute malicious executables under the false pretense that these are coming from credible organizations' code repos.
![Ax_Sharma's tweet photo. A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.
The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip
But they are not. These ZIPs are #malware.
An attacker, while commenting on any GitHub commit/PR, can "attach" a file that gets assigned a URL slug containing the name of the repo where the comment was made. Even if the comment is never actually posted or later deleted by the attacker, the link to the file remains live!
And, the repo owner (Microsoft in this case) would have no knowledge of or control over such files.
Threat actors have been abusing this flaw to distribute malicious executables under the false pretense that these are coming from credible organizations' code repos.](https://pbs.twimg.com/media/GLniVxCW4AA-OJ3.jpg)
Containerlab v0.53.0 is out, which means Fortigate is available to all, as well as FreeBSD
and
the experimental drawio diagrams generation 🖼️
by simply typing "containerlab graph --drawio"
Est-ce que je viens de porter le code original de Doom datant de 30 ans pour le faire fonctionner dans le navigateur ? Oui ! Et ce sera l'objet du live Twitch de demain 🔥
Every. Single. New. Google. Product.
@BraydenCreation 15mm and not wide enough
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers