Matt's Homepage

The TeamPCP hacker group on the Breached cybercrime forum claimed it had gained access to nearly 4,000 private GitHub repositories via the breach.

GitHub has officially confirmed, via an X post today, that thousands of its internal repositories were breached after an employee’s device was compromised through a malicious Visual Studio Code extension.

The group alleged that it had exfiltrated internal source code and other private data, and stated that it was seeking at least $50,000 from potential buyers for the stolen material. “This is not a ransom,” the group wrote in its post, adding that it intended to sell the data rather than extort GitHub directly, and threatening to leak the repositories publicly if no buyer emerged.

TeamPCP has previously been linked to several high-profile campaigns involving platforms such as GitHub, PyPI, npm, and Docker. At the same time, malicious VS Code extensions have repeatedly surfaced in recent years as an increasingly effective vector for breaches and malware delivery.

Federal agencies will no longer be required to solicit software attestations that they comply with NIST’s Secure Software Development Framework (SSDF).

The SBOM requirement has lead to a small cottage industry of scanning and CI tools that provide this functionality. It will be interesting to see how that all develops, but constantly changing industry standards and practices is not good for businesses.

The US used to thoughtfully and carefully roll out changes like this in the past. In our increasingly polarized political climate, software companies are increasingly whipsawed back and forth. Adding and removing requirements like this is not a zero-cost change. Compliance burdens cost money, time, and credibility to any company based here in the US.

XINT.io, with the help of AI, just demonstrated a 732 byte exploit that gets root on every major Linux distribution shipped since 2017. This is a flaw that went unnoticed for almost a decade now. You can only imagine how many more AI is going to help people find.

Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel’s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.

Casey Muratori at the Better Software Conference walks us through how data in game development (and other systems) started with simple coherent structures that were best for cpu and cache coherency layout and then morphed into hierarchies of objects that following the in-vogue trend of late 90’s programming.

This lead to changing the compile-time data arrangement from what’s best for the computer to compiling data into arbitrarily arranged memory locations that matched the real-world things you’re trying to model.

He does a great job of breaking down the history and effects of what has happened in the 20 years since. I remember going to a GDC talk in which a game developer building a racing game struggled and struggled to get performance from his OOP arranged data. In the end, he realized that he should simply lay out the data in memory linearly and got multiple times more speed.

Today, developers from racing games to AI are re-discovering that laying things out linearly and adhering to cache consistent access (ex: GPUs) is where the highest end performance is unleashed.

I didn’t even realize the old Bop-It toy had an ending. The original edition ended after a maximum score of 100. The second edition went up to 200 points.