🎉 Breaking news: Typo alert! Some genius decided to check if misspelling "ghcr.io" as "ghrc.io" would lead to a secret Nginx rave 🕺—only to discover it's a phishing scam instead. Who knew a single letter could compromise your GitHub creds faster than you can say "oops"? 🤦‍♂️
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/ #TypoAlert #PhishingScam #GitHubSecurity #NginxRave #CyberSecurity #HackerNews #ngated
ghrc.io Appears to be Malicious

A simple typo of ghcr.io to ghrc.io would normally be a small goof. You’d typically get a 404 or similar error, finally work out the issue, fix it, and move along. But in this case, that typo appears to be doing something very malicious, stealing GitHub credentials.

What’s ghcr.io?

First, a quick bit of background. ghcr.io is an OCI conformant registry for container images and OCI artifacts used by a lot of projects. It’s part of GitHub and is a very popular image and artifact repository used by open source projects.

Brandon Mitchell
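A check for this kind of typo, as an added example that is not part of the post or the linked article: it scans Dockerfile `FROM` lines and YAML `image:` lines and flags registry hosts that are one edit or one adjacent-letter swap away from a trusted registry. It generalizes the ghcr.io/ghrc.io case to an allowlist; the `TRUSTED` set, the function names and the sample input are assumptions made for the example.

```python
import re

# Assumed allowlist for this example; replace it with the registries you use.
TRUSTED = {"ghcr.io", "docker.io", "quay.io", "gcr.io", "registry.k8s.io"}
# Image references on Dockerfile "FROM" lines and YAML "image:" lines.
REF_RE = re.compile(
    r"^\s*(?:FROM\s+(?:--platform=\S+\s+)?|-?\s*image:\s*)[\"']?([^\s\"']+)",
    re.I | re.M)
# Constructed sample input (not taken from the page).
SAMPLE = """\
FROM ghcr.io/example/base:1.2
FROM --platform=linux/amd64 ghrc.io/example/builder:latest
    image: "ghrc.io/example/app:3"
  - image: nginx:1.27
"""

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registry_host(ref):
    """Docker's rule: the first component is a registry host only if it
    contains '.' or ':' or is 'localhost'; otherwise Docker Hub is implied."""
    first, sep, _ = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.split(":")[0].lower()
    return "docker.io"

def find_lookalikes(text, max_distance=1):
    """Return (image_ref, host, trusted_host) for near-miss registry hosts."""
    hits = []
    for ref in REF_RE.findall(text):
        host = registry_host(ref)
        near = [t for t in sorted(TRUSTED) if osa_distance(host, t) <= max_distance]
        if host not in TRUSTED and near:
            hits.append((ref, host, near[0]))
    return hits

if __name__ == "__main__":
    for ref, host, good in find_lookalikes(SAMPLE):
        print(f"{ref}: registry {host!r} looks like {good!r}")
```

A plain Levenshtein distance would score ghrc.io against ghcr.io as 2, so the transposition-aware distance is what lets a threshold of 1 catch swapped letters without flagging unrelated hosts.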
Last not ladt. #TypoAlert