kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity (www.stepsecurity.io)

submitted 4 hours ago by flamingos@feddit.uk to c/opensource@programming.dev

0 comments fedilink hide all child comments

On March 5, 2026, a threat actor exploited a classic "Pwn Request" vulnerability in the CI workflow of kubernetes-el/kubernetes-el, a popular Emacs package for managing Kubernetes clusters. The attacker stole the repository's GITHUB_TOKEN (with full write permissions), exfiltrated CI/CD secrets, defaced the repository, and injected destructive code.

The package has since been removed from MELPA (a popular third-party Emacs package repository) and blocked from updating on the Emacsmirror, affecting users who depend on it for Kubernetes management within Emacs.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 10 Mar 2026

16 points (100.0% liked)

Opensource

5722 readers

321 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev