Post AbduF72R2x8md9B1NI by tasket@infosec.exchange
 (DIR) Post #AbdrApB1DJqEDGSHmS by thenewoil@freeradical.zone
       2023-11-09T21:00:00Z
       
       0 likes, 0 repeats
       
       Highly invasive backdoor snuck into open source packages targets developers https://arstechnica.com/security/2023/11/developers-targeted-with-malware-that-monitors-their-every-move/
       
 (DIR) Post #AbduF72R2x8md9B1NI by tasket@infosec.exchange
       2023-11-09T21:34:25Z
       
       0 likes, 0 repeats
       
       @thenewoil This is in the notorious PyPI, no? Malware reports should make a distinction between repos that are thoroughly curated and those that are not.  PyPI has not taken all the steps it needs to be considered curated; putting a stop to new projects isn't nearly enough. People who use PyPI content directly should know they are taking a big risk.  If the malware is found in Debian or Fedora repos, that is much more serious.
       
 (DIR) Post #AbduSQSAAovAbqYiW0 by tasket@infosec.exchange
       2023-11-09T21:36:47Z
       
       0 likes, 0 repeats
       
       @thenewoil This is in the notorious PyPI, no? #Malware reports should make a distinction between repos that are thoroughly curated and those that are not.  #PyPI is known to be very risky; having this malware in, say, Debian or Fedora repos would be a much more serious issue.