Publication croisée depuis https://programming.dev/post/41331208
"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.
The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming… This suggests it may be the same attacker behind the “Shai-Hulud” attack observed in September 2025.
And now, over 27,000 GitHub repositories were infected."
What are the implications for users of FOSS? Should we not be downloading from github?
Only a risk to those using npm; doesn’t matter where they exercise those bad dev procedures. Don’t quit using GitHub if you’re already okay with all the other issues it has.
Every dev should be switching to Forgejo/Codeberg, & possibly Gitlab instead of Github for sure