PrivacyDigest<p>Supply-chain attacks on open source software are getting out of hand</p><p>It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful <a href="https://mas.to/tags/breaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>breaches</span></a> of multiple <a href="https://mas.to/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developer</span></a> accounts that resulted in malicious packages being pushed to unsuspecting users.<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychain</span></a> <a href="https://mas.to/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p><p><a href="https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/</span></a></p>