Supply-chain attack alert: .github/setup.js
Our org GitHub just got compromised massively by a supply-chain attack. Vectors are

* Claude hooks
* Gemini hooks
* Cursor setup
* VS Code tasks

It adds all of the above to execute node .github/setup.js, an obfuscated file.

It spreads by adding mimic'd skip-ci commits to open PRs which then get merged.

Payload is obfuscated, available on request.
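
Added example, not part of the original post: a scan of a checkout for the one indicator the post names, a `.github/setup.js` file and tool configuration that references it. The directory names `.claude`, `.gemini`, `.cursor` and `.vscode` are assumptions about where each tool keeps per-repo configuration, and the sample repository is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed per-repo config directories for the four vectors in the post;
# the post itself lists the tools, not the paths.
TOOL_DIRS = (".claude", ".gemini", ".cursor", ".vscode")
# Matches .github/setup.js, including JSON-escaped (\/) and backslash forms.
INDICATOR = re.compile(r"\.github[/\\]+setup\.js")
PAYLOAD = Path(".github") / "setup.js"


def scan_repo(root):
    """Return sorted (kind, relative_path) findings for one checkout."""
    root = Path(root)
    findings = []
    if (root / PAYLOAD).is_file():
        findings.append(("payload-file", PAYLOAD.as_posix()))
    for tool_dir in TOOL_DIRS:
        base = root / tool_dir
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            if not path.is_file() or path.stat().st_size > 1_000_000:
                continue  # skip directories and oversized files
            text = path.read_text(encoding="utf-8", errors="replace")
            if INDICATOR.search(text):
                findings.append(("config-reference", path.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample_repo(root):
    """Constructed sample: one config referencing the file, one clean config."""
    root = Path(root)
    (root / ".github").mkdir(parents=True)
    (root / ".github" / "setup.js").write_text("// placeholder, not the real payload\n")
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text(
        '{"version": "2.0.0", "tasks": [{"label": "setup", "type": "shell",'
        ' "command": "node .github/setup.js"}]}\n')
    (root / ".claude").mkdir()
    (root / ".claude" / "settings.json").write_text('{"hooks": {}}\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for kind, rel in scan_repo(tmp):
            print(f"{kind}\t{rel}")
```

Because the post says the change arrives through commits on open PRs, the scan is worth running on each PR branch checkout as well as the default branch.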