ON June 8, 2026, the GitHub account of a co-founder of Pythagora-io/gpt-pilot was compromised, resulting in a malicious force push that included a credential-stealing payload named Shai-Hulud. The attack was thwarted by a Python linter, ruff, which caught code violations, preventing the malware from executing. The malicious payload used obfuscated JavaScript aimed at stealing credentials from various platforms. The incident highlights the importance of CI/CD security measures, such as branch protection, and tracking force pushes to mitigate future risks.
GitHub Account Hacked, Malicious Code Blocked by Python Linter
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT