Hackers are pwning packages at an exhausting clip.
But the hacks are hackneyed. What’s new is the doom cycle: Code that steals keys to publish code to steal more keys.
A zombie army of infected code. And AI is making it worse.
GitHub Actions are a trap
Trivy is an open-source security scanner. But if you used Trivy in late March, you had a bad time.
On March 19th, hackers pushed a version…