from Hacker News

Supply Chain Attack Targeting Linux and Mac

by hm-nah on 8/31/25, 4:16 AM with 5 comments

• by hm-nah on 8/31/25, 4:22 AM

  I got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.

  My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.

  The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.