this post was submitted on 24 Apr 2026
59 points (100.0% liked)

Privacy

49596 readers
399 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] RustyNova@lemmy.world 2 points 2 months ago (2 children)

Damn.

I'll stick with my keepass + syncthing combo

[–] superglue@lemmy.dbzer0.com 19 points 2 months ago

This was a supply chain attack, everything is vulnerable to this type of attack.

[–] atrielienz@lemmy.world 5 points 2 months ago* (last edited 2 months ago) (1 children)

For a small window of time if you downloaded an update it had malware. It also looks like a lot of those downloads were bot downloads. There is no evidence that vaults have been compromised.

In a post on X, JFrog said the rogue version of the package "steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits."

[–] RustyNova@lemmy.world -4 points 2 months ago (1 children)

Of what app? Keepass? Was from the Debian repos. Syncthing what's from the syncthing repos

[–] atrielienz@lemmy.world 2 points 2 months ago (1 children)