• Category: Security
  • Status: developing
  • Sources: orchidfiles.com write-up, discussion
  • Summary: See the Top stories item. About 10,000 look-alike repositories serve trojanized archives whose URLs pass VirusTotal while the payload does not.
  • Why it matters: It extends developer-targeted supply-chain abuse onto GitHub's search surface.

Send feedback on this story