Discussion
Loading...

Post

Log in
  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Brandon Mitchell
@bmitch@fosstodon.org  ·  activity timestamp last week

If you've ever typoed ghcr to ghrc, particularly with a "docker login" or any automation that performs a login to the container registry, I'm seeing a strong indication that your GitHub credentials have been leaked to a malicious actor.

https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/

#docker #container #registry#OCI #security

  • Copy link
  • Flag this post
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.2.11 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct