This is why I'm always against auto-updates; malicious packages can get in way too easily and silently.
Cybersecurity
My problem with this report is that the only source that BC links is the write-up by "Koi Security," whose URL is "koi.ai", and the write-up has a lot of markers of having been written by an LLM (slop).
The supply-chain worm isn't that far-fetched, but without corroboration it's impossible to know how many of these details are real and how many were just statistically likely (hallucinated) according to the LLM. And there are a lot of complex features of this worm that just scream the favourite refrain of the LLM: "BUT WAIT! THERE'S MORE!"