📦 Package Managers - curiousfurbytes · Scour

AUR Packages Attacked by Infostealer

lists.archlinux.org··Lobsters, Hacker News

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

💚Node.js Blog

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

orca.security·

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

securityweek.com·

Release v0.2.99 · anthropics/claude-agent-sdk-python

🔄GitHub Actions Code

Package Manager Patents

🌳Data Structures Blog

someone actually leaked the Miasma supply chain attack toolkit source code on github

🔄GitHub Actions

safedep.io··Hacker News, r/programming

I Replaced Our Commercial Artifact Registry With a Free One After a 5× Renewal Price Hike.

💚Node.js Blog

·

Shai-Hulud Hades PyPI Campaign: 19 Packages Trojanized via Wheel Startup Hooks

🐍Python Blog

Dependency Execution Intelligence

depgaze.xyz··Hacker News

debsecan-mcp v0.1.2 released to PyPI

🐍Python Blog

Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System

💚Node.js Blog

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

🔄GitHub Actions Blog

about.gitlab.com·

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

sh.itjust.works·

Linux Kernel 0-Day 🐧, Hades PyPI Worm 🐍, Anthropic Fable 5 🪄

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

thehackernews.com·

Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack

💚Node.js News

thenextweb.com·

Microsoft desativa 73 repositórios após invasão que visava IA

cisoadvisor.com.br·

chore(deps-dev): bump the oxc group across 1 directory with 4 updates…

🔄GitHub Actions Code

·

Compromised Rust crate onering performs code exfiltration

🦀Rust Blog

aikido.dev··r/rust

Log in to enable infinite scrolling