Hackers are pwning packages at an exhausting clip.

But the hacks are hackneyed. What’s new is the doom cycle: Code that steals keys to publish code to steal more keys.

A zombie army of infected code. And AI is making it worse.

GitHub Actions are a trap

Trivy is an open-source security scanner. But if you used Trivy in late March, you had a bad time.

On March 19th, hackers pushed a version…