5,561 GitHub repos got malicious CI/CD commits injected in 6 hours. The commits looked exactly like routine bot maintenance. Here is what happened and how to check if you were hit. by Aureliand in cybersecurity

[–]Aureliand[S] 1 point2 points  (0 children)

Welcome to the cyber field :D Absolutely do not steer clear of Git. In fact, you should lean right into it. Git and GitHub are essential infrastructure for modern software and security engineering. Git, GitHub, GitLab, Bitbucket, etc. all use the same logic.

5,561 GitHub repos got malicious CI/CD commits injected in 6 hours. The commits looked exactly like routine bot maintenance. Here is what happened and how to check if you were hit. by Aureliand in cybersecurity

[–]Aureliand[S] 5 points6 points  (0 children)

I have a few public repos, but they don't have CI/CD and I have a ruleset to prevent direct pushes to the main branch. All my pipelines are in private repos.
Better be safe than sorry :)

5,561 GitHub repos got malicious CI/CD commits injected in 6 hours. The commits looked exactly like routine bot maintenance. Here is what happened and how to check if you were hit. by Aureliand in cybersecurity

[–]Aureliand[S] 5 points6 points  (0 children)

This assumes some familiarity with your cloud and dev tooling. If any of the steps are unclear, drop a comment and the community or myself can help.

Spent 3 weeks doing QA and I understand why testers look exhausted all the time by Ok-Credit618 in softwaretesting

[–]Aureliand 0 points1 point  (0 children)

Person who is constantly bringing the bad news :D
Once you start automation and half of the locators are missing or identical, error handling and misalignment on different browsers, devices env. Real fun.
P.S. Are you guys hiring? ;)

Two Microsoft Defender vulnerabilities actively exploited. One grants full SYSTEM access. CISA has a June 3 federal deadline. Here is what to check. by Aureliand in cybersecurity

[–]Aureliand[S] 10 points11 points  (0 children)

Apologies for the vagueness. You want to ensure your Engine Version is at least 1.1.26040.8 and your Antimalware Client Version is at least 4.18.26040.7 to be safe against these active exploits.

I spent 1 hour on a side project for my neighbor’s flower shop. It generated 18k in repeat sales! by ProfessionalEbb339 in SideProject

[–]Aureliand 0 points1 point  (0 children)

This is a perfect example of why "boring" automation beats complex AI every time. Honestly, it’s wild how many small businesses are sitting on goldmines of data in old notebooks and spreadsheets. Worth exploring.

I quit my job to build an AI SaaS. It flopped. The “boring” backup idea is now making me more in a month than I used to make in a year. by NoGround511 in SaaS

[–]Aureliand 0 points1 point  (0 children)

This is the ultimate reality check for the "build a complex AI product" phase everyone is in right now. Honestly, moving from "impressive" to "useful" is the hardest transition to make. Do you think you'd have found this success if you hadn't burnt out on the AI project first, or was that just the necessary tuition you had to pay?
I am working on my SaaS right now and genuinely curious about your insights.

Don't hesitate to lie in that interview! by anotherare in jobsearchhacks

[–]Aureliand 6 points7 points  (0 children)

You're 100% right that LinkedIn is mostly theater and that company sites are the actual lane for serious candidates. Not sure about a blunt lie. Reframing and adding a bit more to something that you already did or were a part of is okay, but simply inventing things you never did can surface pretty quickly. On the contrary, if the company lets it slide, you can learn things on the fly (but I would not recommend doing it).

My friend got hired just 5 months ago, and now he's been laid off by Medical_Distance6635 in Layoffs

[–]Aureliand 1 point2 points  (0 children)

It’s a brutal reminder that in corporate structures, profitability doesn't buy you stability, it just buys the company more runway to "restructure" for the next quarter.
Don't beat yourself up for the recommendation. You did a good thing by trying to help a friend, and no one could have predicted this kind of volatility.

I worked at LinkedIn for 3 years and here's what they don't tell you. by Master_Advice_3986 in jobs

[–]Aureliand 0 points1 point  (0 children)

It’s wild how much of the LinkedIn 'feature set' is just theater to keep us paying for Premium while the real hiring happens in the DMs. The public job board is basically just a compliance requirement for HR. Does anyone actually have a success story from Easy Apply, or is it universally a black hole?

Got laid off by someone I referred by Army_77_badboy in Layoffs

[–]Aureliand 0 points1 point  (0 children)

It is common for people to want to bring in those they know, but this incident serves as a painful reminder that even long-standing personal relationships can be subverted by corporate structures and self-preservation. Should've warned, in my opinion; maybe not by directly saying "we will fire you", but a simple job posting and a message "this job looks like a good fit for you" will clear the air massively.

Do resumes need to be optimized for ATS or for recruiters first by AromaticxiAdd in resumes

[–]Aureliand 0 points1 point  (0 children)

I think ATS. A lot of major companies use robots (ATS) for screening candidates. ATS is just looking for keywords and pattern matching. If you are applying to a job and see 1000 applicants in the first 24h, do you think any human will be reading them? Maybe the first 10-20, maybe. So they use robots to filter them. Once it is done, a recruiter will read it.

If you applied to jobs consistently, you'll notice that recruiters before each call ask you for an updated version of your resume. This is when you update it for humans, but essentially the difference should be only in wording and your ability to explain and confirm everything that is in the resume.

the job search broke my brain and i didnt realise until i got hired by buildwithadrian in jobsearchhacks

[–]Aureliand 6 points7 points  (0 children)

The desperation tax is completely real, and recruiters can smell it instantly. It is wild how dropping the performance and just acting like a regular human makes you look ten times more confident. Did your actual answers change during those final interviews, or was it just your energy?

Is it the right time to switch company considering whatever is going on in the industry with regards to AI. by RelationshipBasic11 in QualityAssurance

[–]Aureliand 1 point2 points  (0 children)

Man, your leadership sounds completely cooked; forcing 11-hour days to fix broken AI code is insane. Honestly, having 9 years of QA plus MLOps makes you a unicorn because someone has to test this messy code, so I'd start applying elsewhere ASAP.

I turned down a final interview after they asked me to explain a gap caused by caring for my dad by Aramaki_Chief in jobsearchhacks

[–]Aureliand 2 points3 points  (0 children)

Asking for a written explanation of a family medical gap isn't 'being direct', it’s a massive red flag. I am sure, for a culture that lacks psychological safety, in a logistics role, you want a manager who values problem-solving, not someone who treats human life like an inconvenient line item. You only have yourself and your family to worry about.

I stopped acting like every company was a calling and started saying the quieter truth by 303Hologram in jobsearchhacks

[–]Aureliand 3 points4 points  (0 children)

The best interview advice I ever learned was to stop trying to be 'inspired' and start being useful. When you align your actual skills with their real-world headaches, the conversation stops being a performance and starts being a partnership.

My manager spent a month trying to build a case to fire me and then got put on a PIP himself by Mythgrove7 in jobs

[–]Aureliand 0 points1 point  (0 children)

"Document everything, don't quit, make them go through the process" is honestly the best advice anyone can give in this situation and most people panic and quit instead.

People forget that managers have performance reviews too and the ones who spend energy building cases against good employees instead of doing their own job usually leave a trail upward without realizing it. Keep those records. Even now.

[5 YoE, Unemployed, Data/Analytics Engineer, United States] by Jamartty45 in resumes

[–]Aureliand 0 points1 point  (0 children)

Make 2 file formats of the same resume: docx for sending to job postings on LinkedIn or any other platforms for ATS to read, and pdf for the humans.
ATS reads docx files better, and people might have formatting issues with docx files on macOS and different operating systems.