undefined | Better HN

0 pointsdetente181d ago0 comments

Update:

- Impacted versions (v1.82.7, v1.82.8) have been deleted from PyPI - All maintainer accounts have been changed - All keys for github, docker, circle ci, pip have been deleted

We are still scanning our project to see if there's any more gaps.

If you're a security expert and want to help, email me - krrish@berri.ai

0 comments

detente18OP3h ago

Update 2 (03/25/2026):

- We will be holding a townhall on Friday to review the incident and share next steps (https://lnkd.in/gsbTdCe7)

- We can confirm a bad version of Trivy security scanner ran in our CI/CD pipeline, which would have led to the supply chain attack

- We have paused new releases until we've completed securing our codebase and release pipeline to ensure safe releases for users

- We've added additional github/gitlab ci scripts for checking if you're impacted: https://lnkd.in/gGicMkby

We hope to share a full RCA in the coming days. Until then, if there's anything we can do to help your team - please let me know. You can email me (krrish@berri.ai), or join the discussion on github (https://lnkd.in/g9TuuQ2H).

cosmicweather1d ago

> All maintainer accounts have been changed

What about the compromised accounts(as in your main account)? Are they completely unrecoverable?

detente18OP15h ago

I deleted it, to be safe.

MadsRC1d ago

Dropped you a mail from mads.havmand@nansen.ai

1 more reply

j / k navigate · click thread line to collapse