hey! do NOT update unity hub today, especially if you or your IP address live in russia or belarus
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
@aeonofdiscord even in the context of the sabotage, this would've been better targeted using IPs associated with Russian government agencies, right now it just feels the same as people fucking up import grocers abroad and the like just because of thinly veiled russophobia
@elfi imo this kind of thing is just gonna get worse if npm don't make significant changes. imagine a state-sponsored version of this
@elfi as things stand now it seems like an agency could do stuxnet through npm and the most they'd do is revoke their project access after the fact
@aeonofdiscord yeah, on top of being misbegotten, in a wider context these incidents show how blatantly and fundamentally broken the ecosystem is, and the idea of state-sponsored attacks using seized accounts is chilling
