Zerush@lemmy.ml to

Open Source@lemmy.ml · 1 year ago

Over 100,000 Infected Repos Found on GitHub

cross-posted to:
hackernews@lemmy.smeargle.fans

204

Over 100,000 Infected Repos Found on GitHub

Zerush@lemmy.ml to

Open Source@lemmy.ml · 1 year ago

cross-posted to:
hackernews@lemmy.smeargle.fans

The Apiiro research team has detected a repo confusion campaign that has evolved and expanded, impacting over 100k GitHub repos with malicious code.

Chat

erAck@discuss.tchncs.de
link
fedilink
arrow-up
2·
1 year ago
If you installed the original legit package it can’t be updated with such fake one (without uninstalling and installing the bad one) as the signatures won’t match. If you initially install the bad package then yes of course.

Open Source@lemmy.ml

opensource@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !opensource@lemmy.ml

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

855 users / day
2.62K users / week
3.79K users / month
11.4K users / 6 months
143 local subscribers
32.6K subscribers
1.96K Posts
32.7K Comments
Modlog