namesquatting-> RCE from package installers progress: found two expired domains so far, which I _would_ just buy so the names can be occupied again, except the domain squatters got them first so it’s $2–3k each to prevent that now.

i guess that could be cheap if you think your target is using those packages 🤷

also if anyone has tips to get an account un-suspended on github i’ve already found a few more exploitable names there…