hackflix. movies for hackers.
sadly, none of them will teach you to breach the Pentagon by typing fast enough.
a community-curated watchlist about the internet, tech, and hacking. open a PR, add yours.
https://t.co/xS5YOYj4NO
#HappyHackingSpace #Diyarbakir
meet @om3rcitak. hacker, writer, free software partisan. he grew up chasing computers on the streets of Diyarbakır, and today he contributes to Happy Hacking Space from Berlin.
"no community back then. now there's HHS."
#HappyHackingSpace #CommunitySpotlight
hhs/screen 01.
Friday, June 5. 20:00. HHS HQ, Diyarbakır.
We're starting a community screening series. Opening with The Internet's Own Boy. Aaron Swartz's story.
Free. Snacks + drinks on us.
Address: https://t.co/g82Xo97gqN
#HappyHackingSpace #Diyarbakir
How to use Codex's computer use in EU for europoors better than nordvpn
- download Tailscale on your device(s)
- go to settings
- configure mullvad
- pay 5$ a month
- set exit node US based
- now you have a VPN for each node
- Albania for ur tv (no ads on entire home network)
🚨 GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed
A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data.
The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.
━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━
According to the post, the actor claims the material includes source code and internal organization data tied to GitHub’s main platform. The post also references a public file list and includes screenshots showing numerous repository archive names.
Why it matters:
If authentic, exposed source code and internal repository data could increase the risk of code review by hostile actors, vulnerability discovery, supply chain targeting, impersonation, phishing, and follow-on attacks against developer infrastructure.
Status:
This remains an unverified underground forum claim. The actor states this is not a ransom attempt and claims the data may be leaked publicly if no buyer is found.
we got together at nevada coffee on sunday evening.
there were hackers from different fields: software developers, a chemist, teachers, a child development specialist, high school students, university students, a physicist, cybersecurity people, entrepreneurs from different sectors, beginners. 👇
🚨 UPDATE: 19 MILLION exposed NGINX instances hit by the 18-year-old NGINX RCE found by AI.
Top exposure by country:
- United States: 5,340,011
- China: 2,540,008
- Germany: 1,871,780
Note on ASLR as added security: not all of these instances will have ASLR disabled, but every one of them is running a version inside the vulnerable band.
The vulnerability is a heap buffer overflow. ASLR randomizes memory layout, which makes reliable RCE much harder because the attacker cannot predict where their payload or useful gadgets land. But the overflow itself still happens. The corrupted memory still causes the NGINX worker process to crash.
ASLR-enabled hosts are still trivially DoS-able. ASLR-disabled or non-PIE builds are RCE-able. Either way, patch ASAP!
@mdisec @OzgurKonorg @omarkurt We noticed this too, so as our first event after ÖzgürKon, we decided to organize a CryptoParty after four years!
We're also warming up for our Security Guide, which has been gathering dust for a while :)
https://t.co/atz8IYhysp
❗️ UPDATE on today's npm supply-chain attack:
• Per Socket Security: 121 more compromised package artifacts found across 84 additional package names. 64 of them are UiPath artifacts.
• Combined with the earlier TanStack hits, the current known total is 205 affected npm package artifacts.
• Reach now spans enterprise automation, AI/MCP, auth, workflow, and dev tooling.
The worm is still propagating.
We got the email too.
We had a working RCE on Oracle Autonomous AI Database ready to demonstrate live at #Pwn2Own Berlin next week. ZDI confirmed they're at maximum capacity and can't add extra contest days.
AI is now generating offensive capability faster than the institutions built to process it can keep up.
We'll be in Berlin May 14-16 regardless. The conversations there will be really interesting!
Our security bug bounty program is now public on HackerOne.
We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded.
Read more: https://t.co/li1QvSTCMs