Malicious Code
Coverage of Malicious Code in the Nexus archive.
- Red Hat removes tainted packages after software pipeline compromise
Red Hat has removed 32 tainted packages following a compromise in their software pipeline. The malicious code was distributed through a compromised GitHub account, affecting packages downloaded approximately 117,000 times weekly.
- Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'
A developer fell victim to a sophisticated job scam involving a realistic-looking website, video interviews, and malicious code disguised as a technical test. The scam began with a LinkedIn message and used social engineering tactics to trick the victim into executing harmful code.
- Git identity spoof fools Claude into giving bad code the nod
Security researchers discovered that Anthropic's Claude AI code reviewer can be deceived into approving malicious code by spoofing a trusted developer's Git identity using two commands. This exploit involves forging metadata to make hostile changes appear as if they originated from a legitimate maintainer.