Beke e ngoe le e ngoe, litsamaiso tsa rona tsa ho lemoha malware li hlahloba liphutheloana tse likete tse ncha le tse ntlafalitsoeng ho pholletsa le li-registry tsa sechaba joalo ka npm le PyPI. Beke ena e ne e le mokhelo.
Re tiisitse liphutheloana tse fetang 90 tse kotsi pakeng tsa la 26 Phuptjane le la 3 Phupu, 2026, ho pholletsa le npm le PyPI, ka matšolo a 'maloa a tsoelang pele ho tloha libekeng tse fetileng le a macha a hlahang.
The nolimit-agent letšolo le tswetse pele ho phatlalatsa mefuta e mecha (1.0.306, 1.0.315, 1.0.316), le atolosa moralo wa phishing wa khoutu ya sesebediswa sa Microsoft 365 oo re o ngotseng ka botlalo ho rona Tlaleho ea DeviceDoor. The anthropic-toolkit Sehlopha e ne e le letšolo le lecha le ka sehloohong, ka liphetolelo tse 20 tse tiisitsoeng ka la 30 Phuptjane feela — tse shebaneng ka kotloloho le liphutheloana tse amanang le lisebelisoa tsa moqapi tsa Anthropic. cursed-modules lelapa le phatlalalitse mefuta e fetang 15 pakeng tsa la 1 Phupu le la 2 Phupu ho pholletsa le bobeli standard le dinomoro tsa mofuta o phahamisitsweng (999.x), ho latela buka ya pherekano ya ho itshetleha. date-fns-lite sehlopha (mefuta e 5, Phupu 2) se tswetse pele ka mokhoa wa ho etsisa diphutheloana tsa tshebediso tse molaong, tse sebediswang haholo.
Mokhoa oa ho shebana le lisebelisoa tsa AI o thehiloe bekeng e fetileng ka ollama-helpers 'me openai-agents-helpers e atoloselitsoe nakong ena ka ai-explain, ai-sdk-helpers, 'me @langgraphjs/toolkit, tsohle di tiisitswe pakeng tsa la 28 Phuptjane le la 30 Phuptjane. @szc-ft/mcp-szcd-client sephutheloana (mefuta ea 0.38.0 le 0.39.0, e tiisitsoe ka la 2 Phupu) se hlahisitse mokhoa o mocha oo re o latelang e le SkillLeak: sesupa-tsebo sa ho hlakola mangolo se patiloeng ka hare ho bokgoni ba MCP ho ena le ho hokela ho kenya, se sa bonahaleng ho di-scanner tse emang kamora ho kenya. Re phatlalalitse a Tlhahlobo e felletseng ea SkillLeak mona.
Setšoantšo sena sa beke le beke ke karolo ea lenaneo la rona le tsoelang pele Khoutu e mpe ea Molao, moo re netefatsang litšokelo tse ncha le ho fana ka bohlale bo ka sebelisoang ho thusa lihlopha tsa DevSecOps ho sireletsa pipelinepele tshenyo e etsahala. A re hlahlobisiseng seo re se fumaneng bekeng ena le hore na ke hobane'ng ha se le bohlokoa.
Liphutheloana tse fetang 90. Beke e le 'ngoe. Pipeline Ke Sepheo.
Tlhaloso ea beke ena e bonts'a phetoho ea ho tsepamisa maikutlo ho bahlaseli, eseng feela bophahamo ba molumo, empa le pele ho nako.cision. Meroallo ea mofuta o tsitsitseng, lihlopha tsa lisebelisoa tsa AI, bosholu ba mangolo a MCP, le litlhaselo tsa pherekano ea ho itšetleha khahlanong le libaka tsa mabitso tsa monorepo tsa ka hare. Matšolo a etsoa ka boiketsetso 'me a tsoela pele. Ho hlahloba beke le beke ha se tšireletso.
Temoso ea Malware ea Xygeni ea Pele e hlahloba npm, PyPI, le lirejistri tse ling ka nako ea sebele, e tšoaea litšokelo nakong ea phatlalatso, pele li fihla mohahong, pele moemeli oa AI a li kenya ka boikemelo, le pele mojaro o lefshoang oa setaele sa SkillLeak o e-ba le monyetla oa ho o phethahatsa. anthropic-toolkit e phatlalatsa mefuta e 20 ka letsatsi le le leng kapa cursed-modules likhohola tsa npm ka mofuta oa 999.x ho pholletsa le matsatsi a mabeli, ho lemoha ho etsahalang kamora 'nete ho se ho le morao haholo.
Xygeni's Open Source Security sethala se fa lihlopha tsa DevSecOps temoho ea nako ea sebele le ho li beha pele ho hlokahala ho lula ka pele ho khatello e hlophisitsoeng ea ketane ea phepelo, kahoo pipelineLula u hloekile ntle le ho liehisa lihlopha tsa hau.




