The Hacker News

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Researchers found a fake Ethereum helper package on crates.io that secretly downloaded OS-specific payloads and executed them on developer machines.
theregister

Forking confusing: Vulnerable Rust crate exposes uv Python packager

A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched – but the most ...