Mantine-datatable (and others) compromised – owner account suspended
justsomehuman
66 points
24 comments
June 05, 2026
Discussion Highlights (6 comments)
j1elo
So in summary:
* GitHub's backwards priorities end up causing a hack on their systems.
* Hackers use their newly gained powers to compromise other people's repos.
* GitHub detects compromised repo, and suspends the account of its maintainer, so they cannot warn nor act against it to protect or at least warn their community of users.

"I cause a fire, and later ban you for getting burned." No wonder people are leaving.
jerf
"We have checked our own environments thoroughly and found no traces of compromise. We suspect this may be part of the broader GitHub infrastructure breach carried out by the TeamPCP hacking group in May 2026: https://techcrunch.com/2026/05/20/github-says-hackers-stole-... " Greater HN collective, please help me metaphorically double-click on this. I've poked around a bit but didn't find out much more than the given link. What are we concerned about the hack possibly having accomplished? Because stealing repos is bad enough... but are we saying it's possible that commits can now magically appear in repos from hackers? I don't want to raise any alarms if I'm misreading this or if we're early in the news cycle, but if that's possible, I and a lot of other people reading this need to have some immediate conversations with a lot of people. So... is that what this is saying? Or am I misreading it? I sure hope so.
tom1337
Looking at the setup.js it seems to be an infostealer which posts the found details to a newly created GitHub repo (on the victim's account) or a command and control server. As far as I can tell it looks for GitHub secrets and Kubernetes cluster secrets.
Carbonhell
Seems like it's similar to the attack reported in this other HN post: https://news.ycombinator.com/item?id=48409869
christeamrs
We're working on an antiworm. One of our customers got affected. Our tool already discovers infected repositories and mitigates/removes the implants from the filesystem. Please revoke/rotate all your tokens and passwords that were used in the infected repositories; the worm is pretty sophisticated. https://github.com/Team-Rockstars-Security/antimiasma
wewewedxfgdf
It's funnyweird that the post is from his wife rather than from him using his wife's account.