Dossier
SSH keys
Coverage of SSH keys in the Nexus archive.
- Open source package with 1 million monthly downloads stole user credentials
An open-source package with over 1 million monthly downloads, element-data, was compromised when attackers exploited a vulnerability in the developers’ account workflow to steal signing keys and sensitive data. The malicious version 0.23.3, pushed to Python Package Index and Docker accounts, scoured systems for credentials before being removed 12 hours later.