Blog
2026
Polin Rider Attack
How a supply-chain attack stole our CTO's token, rewrote our repositories, and quietly reached my own account — a first-person account of the PolinRider / Glassworm incident, and what it taught me about trust, Git, and backups.
Jul 2, 2026
Recovering from the Polin Rider Attack
The technical field report: how a stolen GitHub PAT was used to force-push malware into four repositories I had write access to, how I found it, and the exact commands I used to recover every repo from a clean local copy — and to reconstruct one where I had no local copy at all.
Jul 2, 2026