Login

u/Palland0s

Megalodon Malware Hits Over 5,500 GitHub Repositories in Just 6 Hours
▲ 68 r/pwnhub+1 crossposts

Megalodon Malware Hits Over 5,500 GitHub Repositories in Just 6 Hours

A new wave of Megalodon malware has compromised more than 5,500 repositories on GitHub within a mere six hours, raising alarms across the developer community.

Key Points:

  • Megalodon malware exploited vulnerabilities to take control of GitHub repos.
  • The attack surged to over 5,500 affected repositories swiftly.
  • Developers are urged to enhance security measures immediately.

Megalodon malware has become a significant threat, reportedly compromising over 5,500 repositories on GitHub in a rapid timeframe of just six hours. This alarming breach indicates the malware's capability to exploit various vulnerabilities efficiently, allowing it to spread quickly within the developer's community. Such attacks not only compromise sensitive code but also risk exposing critical data tied to these repositories, which can have severe implications for businesses relying on GitHub for version control.

The rapid escalation of this malware's impact serves as a reminder for developers and organizations to reevaluate their cybersecurity protocols. Implementing stronger security measures, such as two-factor authentication and regular audits of repository access, are essential steps in mitigating these risks. With the increasing incidence of malware targeting coding platforms, a proactive approach is vital to safeguard projects and ensure the integrity of codebases.

What steps do you think developers should prioritize to protect their repositories from such malware attacks?

Learn More: Cyber Security News

Want to stay updated on the latest cyber threats?

👉 Subscribe to /r/PwnHub

u/Palland0s — 17 hours ago
▲ 6 r/ChatGPT

The title may seem exaggerated, but it’s true: ChatGPT sends your text input long before you press the Enter key. I’ve pasted large blocks of text into the ChatGPT interface several times to edit out sensitive information afterward, and I can tell you that it’s pointless: your data is long gone!

As soon as you start typing in the interface, ChatGPT sends a POST request to specific URL to prepare the conversation. I am not sure about the effectiveness of the preparation, but i am sure that your input is already gone. You can find below the payload dump of the request. This is easily monitored trough the developer tools of any browser.

{
    "action":"next",
    "fork_from_shared_post":false,
    "parent_message_id":"client-created-root",
    "model":"auto",
    "client_prepare_state":"success",
    "timezone_offset_min":-120,
    "timezone":"Europe/Paris",
    "history_and_training_disabled":true,
    "conversation_mode":{"kind":"primary_assistant"},
    "system_hints":[],
    "partial_query":{
        "id":"XXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "author":{"role":"user"},
        "content":{
            "content_type":"text",
            "parts":["hey there!"]
            }
        },
    "supports_buffering":true,
    "supported_encodings":["v1"],
    "client_contextual_info":{"app_name":"chatgpt.com"}
}

Your message stands right in partial_query.content.parts

https://preview.redd.it/ujairr3fkkzg1.png?width=1489&format=png&auto=webp&s=aa33a8cb2a2119e40e58eb04308676aedf1ab2fe

reddit.com
u/Palland0s — 17 days ago