Post · bonfire.cafe

RE: https://cosocial.ca/@mhoye/116553395984214488

“Summary:

A compromised dependency in the JavaScript ecosystem led to credential theft, which enabled a supply chain attack on a Rust compression library, which was vendored into a Python build tool, which shipped malware to approximately 4 million developers before being inadvertently patched by an unrelated cryptocurrency mining worm.”

mhoye

@mhoye@cosocial.ca · 8 hours ago

I see that today @andrewnez has chosen violence.

https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html

Ratsnake Games

@ratsnakegames@mastodon.social · 2 hours ago

@timbray he hasn't heard of the Karen build server? smh.

Skyr

@skyr@chaos.social · 4 hours ago

@timbray I don't know what made me laugh more: The satiric CVE or the obviously automatically AI-generated renarration on some vendor's blog 🤣🤣🤣
https://sesamedisk.com/cve-2024-yikes-supply-chain-attack/