In the wake of copy.fail, there are more vulnerabilities that have been announced: Copy Fail 2: Electric Boogaloo Dirty Frag Right now would be one of the best times for a supply chain attack via NPM to hit hard. Outside of Linux kernel patches from your distro, I think it's probably a good idea to put a moratorium on installing new software for a week or so.
No comments yet. Log in to reply on the Fediverse. Comments will appear here.