Supply-chain attacks on open source software are getting out of hand


Attacks affected packages, including one with ~2.8 million weekly downloads.

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users. When installed, the packages “covertly integrate surveillance functionality into the developer’s environment, enabling keylogging, screen capture, fingerprinting, webcam access, and credential theft,” Socket researchers wrote.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
