home.social

#supply-chain-attack — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #supply-chain-attack, aggregated by home.social.

fetched live
  1. Learn how to use the Arch User Repository (AUR) safely. Discover the lessons from the June 2026 AUR malware attack and protect your Arch Linux system.

    Full details here: ostechnix.com/use-the-aur-safe

    #ArchUserRepository #AUR #ArchLinux #Security #Malware #SupplyChainAttack #AtomicArch #Linux

  2. Learn how to use the Arch User Repository (AUR) safely. Discover the lessons from the June 2026 AUR malware attack and protect your Arch Linux system.

    Full details here: ostechnix.com/use-the-aur-safe

    #ArchUserRepository #AUR #ArchLinux #Security #Malware #SupplyChainAttack #AtomicArch #Linux

  3. Learn how to use the Arch User Repository (AUR) safely. Discover the lessons from the June 2026 AUR malware attack and protect your Arch Linux system.

    Full details here: ostechnix.com/use-the-aur-safe

    #ArchUserRepository #AUR #ArchLinux #Security #Malware #SupplyChainAttack #AtomicArch #Linux

  4. Learn how to use the Arch User Repository (AUR) safely. Discover the lessons from the June 2026 AUR malware attack and protect your Arch Linux system.

    Full details here: ostechnix.com/use-the-aur-safe

    #ArchUserRepository #AUR #ArchLinux #Security #Malware #SupplyChainAttack #AtomicArch #Linux

  5. Learn how to use the Arch User Repository (AUR) safely. Discover the lessons from the June 2026 AUR malware attack and protect your Arch Linux system.

    Full details here: ostechnix.com/use-the-aur-safe

    #ArchUserRepository #AUR #ArchLinux #Security #Malware #SupplyChainAttack #AtomicArch #Linux

  6. Jscrambler’s npm Package Got Backdoored. The Malware Ran Before Your App Ever Started.

    Jscrambler npm 8.14.0 shipped a Rust infostealer via preinstall hook, targeting cloud keys, wallets, and AI tool configs. Full technical breakdown and IOCs

    thecybersecguru.com/news/jscra

  7. Jscrambler’s npm Package Got Backdoored. The Malware Ran Before Your App Ever Started.

    Jscrambler npm 8.14.0 shipped a Rust infostealer via preinstall hook, targeting cloud keys, wallets, and AI tool configs. Full technical breakdown and IOCs

    thecybersecguru.com/news/jscra

  8. Jscrambler’s npm Package Got Backdoored. The Malware Ran Before Your App Ever Started.

    Jscrambler npm 8.14.0 shipped a Rust infostealer via preinstall hook, targeting cloud keys, wallets, and AI tool configs. Full technical breakdown and IOCs

    thecybersecguru.com/news/jscra

  9. Jscrambler’s npm Package Got Backdoored. The Malware Ran Before Your App Ever Started.

    Jscrambler npm 8.14.0 shipped a Rust infostealer via preinstall hook, targeting cloud keys, wallets, and AI tool configs. Full technical breakdown and IOCs

    thecybersecguru.com/news/jscra

  10. Jscrambler’s npm Package Got Backdoored. The Malware Ran Before Your App Ever Started.

    Jscrambler npm 8.14.0 shipped a Rust infostealer via preinstall hook, targeting cloud keys, wallets, and AI tool configs. Full technical breakdown and IOCs

    thecybersecguru.com/news/jscra

  11. Basta un npm install: la 8.14.0 di jscrambler distribuiva un infostealer Rust nelle pipeline di sviluppo

    La versione 8.14.0 del popolare pacchetto npm jscrambler è stata compromessa con un preinstall hook che eseguiva silenziosamente un infostealer Rust multipiattaforma, mirato a credenziali cloud, wallet crypto e chiavi API di strumenti AI come Claude Desktop e Cursor.

    insicurezzadigitale.com/basta-

  12. Basta un npm install: la 8.14.0 di jscrambler distribuiva un infostealer Rust nelle pipeline di sviluppo

    La versione 8.14.0 del popolare pacchetto npm jscrambler è stata compromessa con un preinstall hook che eseguiva silenziosamente un infostealer Rust multipiattaforma, mirato a credenziali cloud, wallet crypto e chiavi API di strumenti AI come Claude Desktop e Cursor.

    insicurezzadigitale.com/basta-

  13. Basta un npm install: la 8.14.0 di jscrambler distribuiva un infostealer Rust nelle pipeline di sviluppo

    La versione 8.14.0 del popolare pacchetto npm jscrambler è stata compromessa con un preinstall hook che eseguiva silenziosamente un infostealer Rust multipiattaforma, mirato a credenziali cloud, wallet crypto e chiavi API di strumenti AI come Claude Desktop e Cursor.

    insicurezzadigitale.com/basta-

  14. Basta un npm install: la 8.14.0 di jscrambler distribuiva un infostealer Rust nelle pipeline di sviluppo

    La versione 8.14.0 del popolare pacchetto npm jscrambler è stata compromessa con un preinstall hook che eseguiva silenziosamente un infostealer Rust multipiattaforma, mirato a credenziali cloud, wallet crypto e chiavi API di strumenti AI come Claude Desktop e Cursor.

    insicurezzadigitale.com/basta-

  15. Basta un npm install: la 8.14.0 di jscrambler distribuiva un infostealer Rust nelle pipeline di sviluppo

    La versione 8.14.0 del popolare pacchetto npm jscrambler è stata compromessa con un preinstall hook che eseguiva silenziosamente un infostealer Rust multipiattaforma, mirato a credenziali cloud, wallet crypto e chiavi API di strumenti AI come Claude Desktop e Cursor.

    insicurezzadigitale.com/basta-

  16. 📰 North Korean Hackers Escalate 'PolinRider' Supply Chain Attack on Devs

    🇰🇵 North Korean hackers are escalating the 'PolinRider' supply chain attack, publishing 108 malicious npm, PHP, and Go packages to steal developer credentials from CI/CD pipelines. Developers, be vigilant! #SupplyChainAttack #CyberSecurity #NorthKo...

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/no

  17. This will increase a lot of uncertainty in all areas:

    «Artificial Intelligence — Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks:
    Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.»

    🤜 securityweek.com/decades-old-b

    #bash #decates #hacking #ai #bypass #itsec #itsecurity #supplychain #aicoding #supplychainattack #gnu #linux #unix #aws #guardfall

  18. This will increase a lot of uncertainty in all areas:

    «Artificial Intelligence — Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks:
    Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.»

    🤜 securityweek.com/decades-old-b

    #bash #decates #hacking #ai #bypass #itsec #itsecurity #supplychain #aicoding #supplychainattack #gnu #linux #unix #aws #guardfall

  19. This will increase a lot of uncertainty in all areas:

    «Artificial Intelligence — Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks:
    Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.»

    🤜 securityweek.com/decades-old-b

    #bash #decates #hacking #ai #bypass #itsec #itsecurity #supplychain #aicoding #supplychainattack #gnu #linux #unix #aws #guardfall

  20. This will increase a lot of uncertainty in all areas:

    «Artificial Intelligence — Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks:
    Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.»

    🤜 securityweek.com/decades-old-b

    #bash #decates #hacking #ai #bypass #itsec #itsecurity #supplychain #aicoding #supplychainattack #gnu #linux #unix #aws #guardfall

  21. This will increase a lot of uncertainty in all areas:

    «Artificial Intelligence — Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks:
    Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.»

    🤜 securityweek.com/decades-old-b

    #bash #decates #hacking #ai #bypass #itsec #itsecurity #supplychain #aicoding #supplychainattack #gnu #linux #unix #aws #guardfall

  22. In Anbetracht der aktuellen Angriffe auf das #AUR Repository, sehe ich dunkle Wolken auch für andere Repositories aufziehen. #AUR schätze ich als verhältnismäßig leichtes Ziel ein, aber die Unsympathen üben möglicherweise nur.

    Die Bedrohungslage ist nicht nur gefühlt ziemlich hoch.

    #OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

  23. In Anbetracht der aktuellen Angriffe auf das #AUR Repository, sehe ich dunkle Wolken auch für andere Repositories aufziehen. #AUR schätze ich als verhältnismäßig leichtes Ziel ein, aber die Unsympathen üben möglicherweise nur.

    Die Bedrohungslage ist nicht nur gefühlt ziemlich hoch.

    #OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

  24. In Anbetracht der aktuellen Angriffe auf das #AUR Repository, sehe ich dunkle Wolken auch für andere Repositories aufziehen. #AUR schätze ich als verhältnismäßig leichtes Ziel ein, aber die Unsympathen üben möglicherweise nur.

    Die Bedrohungslage ist nicht nur gefühlt ziemlich hoch.

    #OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

  25. In Anbetracht der aktuellen Angriffe auf das #AUR Repository, sehe ich dunkle Wolken auch für andere Repositories aufziehen. #AUR schätze ich als verhältnismäßig leichtes Ziel ein, aber die Unsympathen üben möglicherweise nur.

    Die Bedrohungslage ist nicht nur gefühlt ziemlich hoch.

    #OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

  26. In Anbetracht der aktuellen Angriffe auf das #AUR Repository, sehe ich dunkle Wolken auch für andere Repositories aufziehen. #AUR schätze ich als verhältnismäßig leichtes Ziel ein, aber die Unsympathen üben möglicherweise nur.

    Die Bedrohungslage ist nicht nur gefühlt ziemlich hoch.

    #OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

  27. RE: fosstodon.org/@archlinux/11673

    #Archlinux Supply chain incident shows the thing that always ignored by common people:

    Expecting you are not the target, because people rarely used it.

    Which points to: Attackers will do things where it is the place you are least expect.

    #cybersecurity #supplychainattack

  28. RE: fosstodon.org/@archlinux/11673

    #Archlinux Supply chain incident shows the thing that always ignored by common people:

    Expecting you are not the target, because people rarely used it.

    Which points to: Attackers will do things where it is the place you are least expect.

    #cybersecurity #supplychainattack

  29. RE: fosstodon.org/@archlinux/11673

    #Archlinux Supply chain incident shows the thing that always ignored by common people:

    Expecting you are not the target, because people rarely used it.

    Which points to: Attackers will do things where it is the place you are least expect.

    #cybersecurity #supplychainattack

  30. RE: fosstodon.org/@archlinux/11673

    #Archlinux Supply chain incident shows the thing that always ignored by common people:

    Expecting you are not the target, because people rarely used it.

    Which points to: Attackers will do things where it is the place you are least expect.

    #cybersecurity #supplychainattack

  31. 📣🚨 Over 20 Linux packages were compromised in the campaign, which abuses AUR ownership transfers to drop rootkit-like malware.

    Read: hackread.com/atomic-arch-hijac

  32. “Atomic Arch”: Nearly 900 AUR Packages Backdoored with a Developer-Targeting Infostealer and eBPF Rootkit

    On June 11, 2026, the Atomic Arch supply chain attack backdoored 900+ Arch Linux AUR packages with the 'deps' infostealer and an eBPF rootkit

    thecybersecguru.com/news/atomi

  33. @sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

    Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

    github.com/lenucksi/aur-malwar

    [1] gist.github.com/Kidev/59bf9f5f

    #AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile

  34. @sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

    Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

    github.com/lenucksi/aur-malwar

    UPDATE 7/13/26: Friendly contributors added a 'download official arch hedgedoc list' and the new new bun package and I added some more convenience features.

    [1] gist.github.com/Kidev/59bf9f5f

    #AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile

  35. @sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

    Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

    github.com/lenucksi/aur-malwar

    UPDATE 7/13/26: Friendly contributors added a 'download official arch hedgedoc list' and the new new bun package and I added some more convenience features.

    [1] gist.github.com/Kidev/59bf9f5f

    #AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile

  36. @sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

    Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

    github.com/lenucksi/aur-malwar

    UPDATE 7/13/26: Friendly contributors added a 'download official arch hedgedoc list' and the new new bun package and I added some more convenience features.

    [1] gist.github.com/Kidev/59bf9f5f

    #AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile

  37. @sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

    Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

    github.com/lenucksi/aur-malwar

    UPDATE 7/13/26: Friendly contributors added a 'download official arch hedgedoc list' and the new new bun package and I added some more convenience features.

    [1] gist.github.com/Kidev/59bf9f5f

    #AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile