Packagist

Packagist Supply Chain Attack Infects 8 Packages Using GitHub‑Hosted Linux Malware

A coordinated supply‑chain attack compromised eight Composer packages on Packagist, injecting malware via package.json that downloads and executes a Linux binary from GitHub Releases.