#开源项目
又一种很“新颖”的往开源项目里下毒的手法:有人对Python 包 ultralytics 发了 PR,其中包含如图分支名,当 GitHub 执行 CI 任务时,执行脚本获得仓库密钥,进而在发布包中植入加密货币挖矿程序
https://lwn.net/Articles/1001215/
BY codedump的电报频道
In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymising software.“We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint.The rise in nefarious activity comes as users flocked to the encrypted chat app earlier this year after changes to the privacy policy of Facebook-owned rival WhatsApp prompted many to seek out alternatives.telegram from us