Tag: package manager
3 articles

Arch Linux AUR Packages Targeted in Credential Stealer Campaign
Malicious actors have hijacked over 400 Arch Linux AUR packages, quietly altering their build scripts to deploy a sneaky Rust credential stealer in a campaign dubbed Atomic Arch. By targeting abandoned packages and preserving their original names and histories, the attackers cleverly evaded detection.

PyPI Package elementary-data Compromised to Steal Developer Data
A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

PHP Composer Flaws Expose Code Execution Risk, Prompting Patches
Critical flaws in PHP Composer, a popular package manager, leave countless websites vulnerable to code execution attacks, but fortunately patches have been released to swiftly mitigate this risk. If exploited, these high-severity vulnerabilities could allow hackers to execute arbitrary commands, putting entire systems at risk.