PyPI adds project archiving system to stop malicious updates
New NachoVPN attack uses rogue VPN servers to install malicious updates
What we know about the XZ Utils backdoor that almost infected the world — Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream
