Attackers are getting smarter
1. double base64
2. compromise AI repo #litellm
3. compromise maintainer
4. use maintainer creds to suppress reports
5. spam the GitHub repo
6. close to no devs investigate memory issues. Just buy a 64 GB RAM MacBook and vibe
7. attackers go for low effort, because it's enough. "Oh, this got caught." Yes, right. It wasn't prevented.
8. no one uses sandboxes
9. no one uses web proxies with TLS inspection, which could catch info stealers and exfiltration. Devs hate TLS inspection. Especially when they work from home. Devs don't use socket firewalls or L7 filters for egress control. Because of the vibe.
10. EDR won't catch exfiltration, unless attackers are stupid and use curl. Every now and then, you can pretend the security tools work. But in reality, you can use Python requests or JavaScript axios. And no EDR will detect info theft. Devs don't like EDR because it slows down file operations sometimes.
Summary: split dev and vibe env. Do not run fancy stuff in production. Use a VM. Share only the necessary keys. The #GitHub supply chain is not a safe place. GitHub doesn't do enough to fight spam bots.
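
Added example, not part of the original post and not taken from any real incident: a small review-time check for point 1 that peels nested base64 layers out of a source file and reports suspicious tokens found at each depth. The names `peel` and `scan`, the 24-character threshold, the token list and the sample input are all assumptions made for illustration.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hide a payload (threshold is an assumption).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")
# Tokens worth a human look once a layer is peeled (illustrative, not exhaustive).
SUSPICIOUS = (b"exec(", b"eval(", b"subprocess", b"socket", b"http://", b"https://", b"os.environ")
MAX_DEPTH = 5  # stop peeling after this many layers

def try_decode(blob: bytes):
    """Return decoded bytes if blob is strict, mostly printable base64, else None."""
    if len(blob) % 4:
        return None
    try:
        out = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in out)
    return out if out and printable / len(out) > 0.9 else None

def peel(data: bytes, depth: int = 0):
    """Yield (depth, decoded) for every base64 layer found inside data."""
    if depth >= MAX_DEPTH:
        return
    for match in B64_RUN.finditer(data):
        decoded = try_decode(match.group())
        if decoded is not None:
            yield depth + 1, decoded
            yield from peel(decoded, depth + 1)

def scan(source: bytes):
    """Return sorted (depth, token) findings for suspicious tokens in decoded layers."""
    findings = set()
    for depth, decoded in peel(source):
        findings.update((depth, tok.decode()) for tok in SUSPICIOUS if tok in decoded)
    return sorted(findings)

# Constructed sample: a harmless statement wrapped in two base64 layers.
_inner = base64.b64encode(b"import os; print(len(os.environ))")
_outer = base64.b64encode(b"exec(__import__('base64').b64decode('" + _inner + b"'))")
SAMPLE = b"import base64\nexec(base64.b64decode('" + _outer + b"'))\n"

if __name__ == "__main__":
    for depth, token in scan(SAMPLE):
        print(f"layer {depth}: {token}")
```

A scanner that decodes only one layer would report the outer `exec(` and miss the environment access hidden in the second layer.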
