Hi ala,

A malicious package is hidden in Frontier Stack Inc.'s codebase. It hasn't hit production yet.

Join Mend.io, Cloudsmith, and Chainguard for a live Capture the Flag event on Thursday, June 18th at 11:00 AM EST. Mend.io Senior Security Researcher Amir Shahmiri will walk through a real dependency attack, using SBOMs, AI-BOMs, and open source scanners to trace the threat and expose hidden risks lurking in public ML models.

First team to catch it wins a Raspberry Pi 5.

If you work in supply chain, open source, or AI security, block the time.