Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers account workflow that gave access to its signing keys and other sensitive information. On Friday, unknown attackers exploited the vulnerability to push a new version of element data , a command line interface that helps users monitor performance and anomalies in machine learning systems. When run, the malicious package scoured systems for sensitive...
