a clown car of clown cars that deploys another clown car, that explodes
https://www.youtube.com/watch?v=vnFKkBBzpVg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20250829-vibe-coded-build-system-nx-steals-vibe-coders-crypto - podcast
It’s like a one-and-a-half-page article that also comes in audio and video form, don’t be lazy.
spoiler
They vibe coded a bash injection vulnerability in their devops code, which was used to gain access to the repo and push out a release with malicious code, which prompted any installed LLM wrappers like cursor to gather anything that looked like a configuration or text file in the infected machine and presumably leak them to the attacker.