| GitHub | https://github.com/jamiemccarthy |
| Pronouns | He/him |
The bad guys have been crawling around Sendgrid's networks for over a year now, and they have news hounds writing their phishing text. Highly topical.
(Every link in here, even "unsubscribe," is a phish to, presumably, steal the credentials of the next customer)
The Sendgrid phishing network is getting political, telling its would-be victims: we're putting a pride banner on all your outgoing emails, click our phishing link to remove it.
This is a nine-figure ARR company that's had the bad guys phishing their way through its clients for the last ten months. Has anyone even noticed?
(This is not the CEO's name btw)
Holy shit, I think this is the most sophisticated hacked-Sendgrid phishing attempt yet. Someone apparently pwned a random server owned by selfcast[.]net and is sending Sendgrid email, aimed at Sendgrid admins, with links pointing to it.
selfcast[.]net appears to be a site for actors, but at first glance could plausibly be an alternate domain for an email-sending site. Nope!
The first link in the email looks valid; only the big tempting button is the phish hook
After a few months' pause, the phishing Sendgrid email fake-alerts have started back up this week. They still look pretty realistic! I almost clicked!
The headers show the phishing email as coming from Sendgrid's servers, because it actually is (this customer of theirs was hacked):
Received: from wrqvtcrk.outbound-mail.sendgrid.net (wrqvtcrk.outbound-mail.sendgrid.net. [149.[redacted]])
by mx.google.com with ESMTPS id 3f1490d57ef6-e75c0f0177esi1110886276.78.2025.05.06.03.09.59
If you have a Sendgrid (Twilio) account, be aware that for six weeks bad guys have been pwning Sendgrid accounts by spear-phishing Sendgrid admins via previously-compromised Sendgrid accounts.
The emails come from Sendgrid's servers so they are unlikely to go into your spam folder. They pass SPF etc. because they are actual emails from Sendgrid, sent by a compromised customer.
They look pretty realistic.
GitHub's recommended Action for Rails CI, the one suggested when you click "New workflow," has been broken for months.
This is an embarrassing introduction to Rails for anyone who just wants things to work.
I have two PRs that would fix it, one that's been stalled since February, and another I just pushed that fixes it in a slightly different way depending on personal preference.
Could you help me by reading and commenting on them? Thanks.
This PR fixes three separate issues I identified with the rubyonrails workflow in #2159: Most seriously, the three linting commands must be run with bundle exec as a prefix, or they simply do not ...
Clearing out my storage unit. Anyone want a very outdated 2013 edition of the pickaxe book for ruby 1.9/2.0? It’s in pretty good condition. I’ll mail it to a US destination for free. Otherwise I’m afraid I’m going to have to recycle it
edit: book has been taken! ✨
GitHub's starter CI workflow for Ruby on Rails has been broken for some time. I just submitted a PR to fix it.
I think it's pretty important because when you go to github/USERNAME/REPO/actions/new in a Rails project, this is the top-center recommendation (see screenshot). The recommended CI breaking, "out of the box," is a bad look for Rails.
Thoughts and comments are welcome!
This PR fixes three separate issues I identified with the rubyonrails workflow in #2159: Most seriously, the three linting commands must be run with bundle exec as a prefix, or they simply do not ...
GitHub's top suggested Action for a Rails app is its `ci/rubyonrails.yml`, which fails 100% repeatedly in my testing. This is a crummy introduction to Rails for new users. I filed an issue on Sunday that hasn't gotten any traction.
If you have a Rails app handy, can you try adding this Action and see whether you get the same failure I do? If not let me know! But if so, can you comment on the issue for attention? Thanks. https://github.com/actions/starter-workflows/issues/2159
