Hacker News

The attack is being described as “sophisticated” but we can thank our (GitHub) stars that the exfil was a half-assed job that ultimately made only public repos vulnerable and made it obvious in logs whether a compromise occurred.

It’s almost like a grey-hat attacker trying to make the supply chain vulnerabilities more visible without doing major damage themselves. Almost.


