by zestyping
288 days ago
Interesting. According to https://www.wiz.io/blog/s1ngularity-supply-chain-attack the initial entry point was a "flawed GitHub Actions workflow that allowed code injection through unsanitized pull request titles" — which was detected and mitigated on August 29. That was more than ten days ago, and yet major packages were compromised yesterday. How?