Software depositories are a prime target for threat actors, especially those offering modules that other developers include in their software. Here is an attack aimed at a Python repository:
Malicious PyPi packages aim DDoS attacks at Counter-Strike servers (bleepingcomputer.com)
Further Reading
Our trust in public code – UPDATED 24 May 2022 – Smart Thinking Solutions
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.