Thanks to my sponsors: Justin Smith, Ian McLinden, Urs Metz, Sung Jeon, Björn Marschollek, Max von Forell, Romain Ruetschi, Torben Clasen, Andy Gocke, Kai Kaufman, milan, Joshua Roesslein, Isak Sunde Singh, Luke Konopka, Colin VanDervoort, WeblWabl, Miguel Raz Guzmán Macedo, L0r3m1p5um, Philipp Hatt, Scott Sanderson and 240 more
Earlier this week, an npm supply chain attack.
It’s turn for crates.io, the main public repository for Rust crates (packages).
The phishing e-mail looks like this:
And it leads to a GitHub login page that looks like this:
Several maintainers received it — the issue is being discussed on GitHub.
The crates.io team has acknowledged the attack and said they’d see if they can do something about it.
No compromised packages have been identified as of yet (Sep 12, 14:10 UTC).
Important links:
(JavaScript is required to see this. Or maybe my stuff broke)
Did you know I also make videos? Check them out on YouTube!
Here's another article just for you:
0 Comments
Log in to join the conversation.No comments yet. Be the first to share your thoughts.