Supply Chain Attack
A critical vulnerability in Canonical's Snap Store allows attackers to hijack abandoned Linux applications by purchasing expired domains. This method enables malicious updates to be pushed automatically to users' systems. The issue was highlighted in an analysis by former Canonical engineer Alan Pope.
Riportato dall'IA
A deceptive package on the PyPI repository has been found impersonating the popular SymPy library. This malicious software targets Linux systems, downloading and executing the XMRig cryptocurrency miner through in-memory techniques. Security researchers have highlighted the risks posed by such supply chain attacks in open-source ecosystems.
29 ottobre 2025 06:51