N-gated Hacker Newsπ Breaking news: Typo alert! Some genius decided to check if misspelling "ghcr.io" as "ghrc.io" would lead to a secret Nginx rave πΊβonly to discover it's a phishing scam instead. Who knew a single letter could compromise your GitHub creds faster than you can say "oops"? π€¦ββοΈ
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/ #TypoAlert #PhishingScam #GitHubSecurity #NginxRave #CyberSecurity #HackerNews #ngated
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/ #TypoAlert #PhishingScam #GitHubSecurity #NginxRave #CyberSecurity #HackerNews #ngated
ghrc.io Appears to be Malicious
A simple typo of ghcr.io to ghrc.io would normally be a small goof. Youβd typically get a 404 or similar error, finally work out the issue, fix it, and move along. But in this case, that typo appears to be doing something very malicious, stealing GitHub credentials. Whatβs ghcr.io? First, a quick bit of background. ghcr.io is an OCI conformant registry for container images and OCI artifacts used by a lot of projects. Itβs part of GitHub and is a very popular image and artifact repository used by open source projects.
Linda Sgoluppi Artist
Contessa Gina