My GitHub account @icflorescu has been suspended for 3 days, while a worm's payload sits live in 5 of my public repos. The same worm (Miasma) hit 73 Microsoft repos; GitHub disabled those in 105 seconds. Mine are still up. @GitHub, help? Write-up: https://t.co/YGUFlWHxGl
New credentials attack on Google, it's a subtle one. The email actually comes from https://t.co/qmUt6syHRr. It informs you that your recovery contact (an email you don't recognize) is about to reset your password and prompts you to take action. There's a link that appears to point to https://t.co/pOKO2bTLeC but uses the continue URL parameter to redirect you to https://t.co/Ncvbz3poTV, which hosts the attacker's site. If you scroll down, you can see the bottom of the email, which just shows that someone is asking to add you as their recovery contact. The entire first part of the email is a user-controlled field in Google's system that the attacker controlled to include the malicious link and text.
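A defender-side check for the link pattern described in the post above, as an added example that is not part of the original post: it flags links whose visible host is trusted but whose `continue` parameter forwards to another host. The domains `accounts.example` and `attacker.example` are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: host suffixes the recipient treats as trusted (constructed placeholder).
TRUSTED_SUFFIXES = ("accounts.example",)
REDIRECT_PARAMS = ("continue",)  # the parameter named in the post

def _is_trusted(host):
    # Exact match or true subdomain only, so "accounts.example.attacker.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def _fully_unquote(value, max_rounds=5):
    # Undo nested percent-encoding so %252F%252F... cannot hide the target.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def offsite_redirects(link, depth=0):
    """Return the untrusted hosts a link's redirect parameter would forward to."""
    found = []
    if depth > 3:  # bound the walk through chained redirects
        return found
    for name, values in parse_qs(urlsplit(link).query).items():
        if name.lower() not in REDIRECT_PARAMS:
            continue
        for raw in values:
            # Browsers treat backslashes like slashes, so normalise them first.
            target = urlsplit(_fully_unquote(raw).strip().replace("\\", "/"))
            if target.hostname is None:
                continue  # relative path: the user stays on the same host
            if not _is_trusted(target.hostname):
                found.append(target.hostname)
            # A trusted hop may itself carry another redirect parameter.
            found.extend(offsite_redirects(target.geturl(), depth + 1))
    return found

# Constructed sample links, as they might be extracted from a mail body.
SAMPLE_LINKS = [
    "https://accounts.example/signin?continue=https%3A%2F%2Flogin.attacker.example%2Freset",
    "https://accounts.example/signin?continue=%2Fsecurity",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", offsite_redirects(link) or "no off-site redirect")
```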
If you maintain repos on GitHub, please check them. The Shai-Hulud worm is still live in many, days after it went public. How to tell if you were hit, how to clean up, and what to do if you're locked out. And no, it's not your fault.
https://t.co/XeGmilRTmy
#miasma #github
It's over, for now. After 4 days locked out, my GitHub account is back and every repo is clean.
The forensics confirmed it: a gh CLI token from January somehow survived, was quietly stolen and reused months later.
Some questions are still open.
https://t.co/2H18tWo77w
‼️🚨 BREAKING: Miasma, a self-propagating supply-chain worm built on the Shai-Hulud and Hades lineage, is now open source. It follows the recent open-sourcing of Shai-Hulud and is already spawning copycats. Attackers now have ready-made worm code in hand.
Submit High / Crit to HackerOne
Analysts move at pace of molasses.
Program company gets breached (unrelated) weeks later.
Issue fixed during response.
Report finally closed as informative because it was never escalated.
Why even bother?
For what it’s worth, here’s proof GitHub has known about this since at least Sept 2025. Longer based on the original report. How many GitHub customers were impacted by the worm with this?
M$ needs to fund GitHub security and dev teams so they can actually fix bugs.
Earlier today I lost access to my forked repo for azure-function-core-tools where I've contributed and GitHub told me it was due to a violation of GitHub's terms of service.
I went to the main repo and it says the same.
https://t.co/P5cqb6FR4f
Now we have this post.
https://t.co/yaFK9R3MmP
From his wife. He lost access to his GitHub account.
The repos with the malicious code are still live.
https://t.co/Nv6NnFMntY
His own LinkedIn post.
https://t.co/Kocs7VjkBm
The concerning part of the post:
"We have checked our own environments thoroughly and found no traces of compromise. We suspect this may be part of the broader GitHub infrastructure breach carried out by the TeamPCP hacking group in May 2026"
@adnanthekhan @ThePrimeagen @theo Already tried that myself, but my voice is not big enough to reach that someone with a bigger microphone. And tbh, I'm so goddamn tired and frustrated by this whole thing that I'm seriously considering quitting writing open-source.
@adnanthekhan @github Thanks Adnan. I'm the maintainer, still suspended. Same worm hit 73 Microsoft repos; GitHub disabled those in 105 seconds, mine are still live 3 days later. The commit is forged/unsigned, not a real bot, and detonates via AI-IDE config. Full teardown: https://t.co/YGUFlWHxGl