I'm also a victim of this. Last time I try and install Backstage.
Have you wiped your laptop/infected machine? If not I would recommend it; part of it created a ~/.dev-env directory which turned my laptop into a GitHub runner, allowing for remote code execution.
I have a read-only filesystem OS (Bluefin Linux) and I don't know quite how much this has saved me, because so much of the attack happens in the home directory.
It does install a GitHub runner and registers the infected machine as a runner, so remote code execution remains possible. It might be a stretch to call it persistent but it definitely tries.
Having been using Grafana community/cloud for a number of years, my new gig is currently moving everything to SigNoz. Mostly slick, under active development, communicative team, open source... what's not to love?
Vs. you can click on the "(consumerreports.org)" link in the title, to quickly see if something is an actual duplicate submission.
Also notice how the "X [hours|days] ago" text changes, depending on context. Vs. the mouseover timestamp for that is always the original submission time.
I'm so tired of opening every program or app I have to use for work and being met by a popup or notification that I can, should I wish, do something with AI. I can't even change focus of a Meet window without it popping up suggesting Gemini, and I can see that notification countless times in a day. Can't turn it off, I'm not an Org Admin.
I just want to not have it shoved in my face. It's exhausting.
Have you wiped your laptop/infected machine? If not I would recommend it; part of it created a ~/.dev-env directory which turned my laptop into a GitHub runner, allowing for remote code execution.
I have a read-only filesystem OS (Bluefin Linux) and I don't know quite how much this has saved me, because so much of the attack happens in the home directory.