A tweet from @SteamDB has been released stating the following, containing an image of numerous folders from the leaked code:

Source code for both CS:GO and TF2 dated 2017/2018 that was made available to Source engine licencees was leaked to the public today. 

As such, there have been numerous tweets and recommendations to not play these games due to chances of security exploits that could potentially brick your PC such as this tweet from @teamfortresstv:

Due to the recent source code leak for TF2, there have been reports of RCEs (Remote Code Executions) being discovered in the game. For this reason, we highly recommend against playing Team Fortress 2 until a response from Valve is released.

While there has been no confirmation of malware or exploits confirmed regarding RCE, Cathook (which has been infamous for recent hacker bot waves and server crashes) has been cited as the biggest danger involving this. The programming language C++ has a potential to enable buffer overflow exploits if a bug is present that allows it.

(cw slurs)

Allegedly, a screenshot has began rotating around regarding Cathook posting in the official TF2 alerts. It has not been confirmed whether this screencap is real or not.

Regardless of the multitude of information flying around, it is recommended to not play either Counter-Strike: Global Offensive or Team Fortress 2 until the issues have been addressed for safety. 

We will continue to update on this situation as more information is clarified and addressed.

Mod Note | Uber: Our other admin CriticalFlaw who actually knows things about coding is probably the best person to discuss more about it, so Iâll reach out and see what he has to say. 

EDIT: Mod Note | CriticalFlaw: At this moment, I’d say it’s a real risk to be playing TF2. While I’m not familiar with how this RCE works, I have read about another RCE for TF2 from almost three years ago. It can supposedly be done with just being in the server. It may not happen to most people playing, but the threat is there and I think it’s better to be save than sorry until it’s known how this particular RCE works and/or Valve responds/fixes it. 

Even if the screenshots posted to Reddit are fakes meant to stir people, with the source code being out there, a malicious variant of the RCE can and probably will be developed.