Login

u/Dangerous_Coyote_123

▲ 3 r/PasswordsManager+1 crossposts

GitHub, OpenAI, Mistral: one hacking group is hitting the entire dev ecosystem

Just read this new WIRED piece about TeamPCP and this whole thing is kinda insane.

These guys allegedly compromised open-source packages, VS Code extensions, Docker images, GitHub repos, basically the entire dev ecosystem. Instead of tricking random users, they’re going after developers directly and poisoning tools people already trust.

One employee apparently installed a malicious VS Code extension and it reportedly ended up exposing thousands of internal GitHub repos. That’s honestly terrifying because this is exactly the kind of thing most devs wouldn’t even question.

What makes this worse is that modern dev workflows are full of dependencies nobody audits properly. One compromised package and suddenly your whole pipeline is cooked. They even targeted security tools themselves. Like imagine downloading a security scanner and that’s what infects your system.

We’re reaching a point where “don’t download sketchy files” doesn’t even work as advice anymore because the sketchy stuff now looks completely legit.

reddit.com
u/Dangerous_Coyote_123 — 1 day ago
▲ 3 r/RecommandedVPN

Hackers are bypassing SonicWall VPN MFA protections

Attackers are actively targeting SonicWall Gen6 SSL-VPN appliances and reportedly bypassing MFA protections because many systems were only partially patched.
The attackers brute-force VPN logins, gain remote access, then quickly move into reconnaissance and lateral movement tied to ransomware-style operations.

What’s worrying is that some organizations believed they were fully patched already, but additional remediation steps were still required on certain devices. If you’re running older SonicWall hardware, now is probably the time to review configs, logs, and firmware status carefully.

reddit.com
u/Dangerous_Coyote_123 — 2 days ago
▲ 1 r/PasswordsManager

How hackers actually use leaked passwords

Crazy how people think leaked passwords only matter if they reuse the exact same password.

Hackers don’t just try one login and give up. They use leaked passwords to:
- break into your email first (then reset everything else)
- test combos on Netflix, PayPal, Steam, banking apps, etc.
- build profiles on you from old leaks
- target family members with phishing
- sell “verified” accounts in bulk

One leaked password from 2017 can still ruin your day in 2026 if you reused it somewhere.

This is exactly why password managers + unique passwords matter so much. One leak shouldn’t unlock your entire life.

reddit.com
u/Dangerous_Coyote_123 — 4 days ago