If you're one of millions using element-data, it's time to check for compromise.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

The elementary-data Python CLI package (element-data), with over 1 million monthly downloads, was compromised via a GitHub Actions vulnerability. Attackers exploited a flaw in the developers' CI workflow to gain access to signing keys and account tokens, then published a malicious version (0.23.3) to PyPI and Docker Hub. The malicious package harvested credentials, cloud provider keys, API tokens, and SSH keys from affected systems. The package was live for roughly 12 hours before removal. Users who ran version 0.23.3 or the affected Docker image should assume credential compromise and rotate all secrets.

Open source package with 1 million monthly downloads stole user credentials

How The Callisto Protocol's Gameplay Was Perfected Months Before Release