Rule#34 : If it exists there is porn of it. If not, start uploading.
Adventures in Dystopia
The internet is broken, again
https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab
https://blog.npmjs.org/post/175824896885/incident-report-npm-inc-operations-incident-of
https://blog.npmjs.org/post/180565383195/details…
https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/
… then they fight you …
Ars Technica
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
Package : xz-utils
CVE ID : CVE-2024-3094
Andres Freund discovered that the upstream source tarballs for xz-utils,
the XZ-format compression utilities, are compromised and inject
malicious code, at build time, into the resulting liblzma5 library.
(Source)
https://github.com/amlweems/xzbot finally, after three days, fully reversed PoC
GitHub
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)