Posts tagged #supply-chain-security
═══ #SUPPLY-CHAIN-SECURITY ═══
The Atomic Arch campaign turned trusted-looking AUR packages into a route for rootkit-like credential theft. The old advice to read the build script is starting to look painfully small.
Microsoft-owned GitHub repositories were disabled after Miasma malware hit Azure and AI coding tool workflows. The repo is no longer passive infrastructure. It is part of the runtime.