On Wed, 2026-05-27 at 13:08 -0700, Adam Williamson wrote: > * I've reviewed all activity in RHBZ by the nathan95 account this year: > https://bugzilla.redhat.com/page.cgi?id=user_activity.html&action=run&who=nathan95%40live.it&from=2026-01-01&to=2026-04-06&sort=when > . The first suspicious activity appears to date to 2026-04-07 - > severity and priority changes to > https://bugzilla.redhat.com/show_bug.cgi?id=2416721 with no obvious > justification. The last activity before 2026-04-27 was in January and > appears legitimate. The first instance of a bug's assignee being > changed to the nathan95 account was > https://bugzilla.redhat.com/show_bug.cgi?id=2469013 on 2026-05-12 and > suspicious activity occurred regularly after that. I have taken > appropriate actions on each affected bug and upstream issues / PRs if > any were linked. > > * Related PRs were created on GitHub by the accounts > https://github.com/leurus27-boop and https://github.com/nathan9513-aps > . Both accounts should likely be treated as suspicious. I will report > both to GitHub shortly. > > * A related MR was created on invent.kde.org by the account > https://invent.kde.org/nathangiovannini , which again should be treated > as suspicious, and which I will report. > > * I have not reviewed any actions taken by any of the involved accounts > which were not somehow related to Bugzilla, yet. We should probably > look through anything else we can track the nathan95 account as having > done in Fedora systems, and other things done by the associated GitHub > accounts (or at least flag up that projects they have touched should > review them).
Sorry, forgot to mention, very important: nothing I found so far looks outright *malicious*. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected] https://www.happyassassin.net -- _______________________________________________ test mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
