https://bsky.app/profile/safetycli.bsky.socialhttps://bsky.app/profile/safetycli.bsky.social/post/3mcqph73o3k2nBig shout out to @anthropic.com for their recent $1.5m donation to the @python.org Foundation to help secure the @pypi.org ecosystem. Great stuff! https://pyfound.blogspot.com/2025/12/anthropic-invests-in-python.html?utm_source=tldrdevops19 Jan 2026 03:33 +0000at://did:plc:nycsxrdr35j75wf52ecagli3/app.bsky.feed.post/3mcqph73o3k2nhttps://bsky.app/profile/safetycli.bsky.social/post/3mbshcvkiss2mDo you use @polymarket.bsky.social or integrate with their platform? If so, watch out as threat actors are targeting their users with a malicious NPM package: polymarket-clob. Read more here: https://getsafety.com/blog-posts/polymarket-targeted-by-malicious-packages07 Jan 2026 02:47 +0000at://did:plc:nycsxrdr35j75wf52ecagli3/app.bsky.feed.post/3mbshcvkiss2mhttps://bsky.app/profile/safetycli.bsky.social/post/3mbneimxdu22yThe Safety research team just dropped a killer blog post where we identify eleven malicious NPM packages that are part of the latest Shai-hulud worm campaign. Check it out at https://getsafety.com/blog-posts/shai-hulud-3-005 Jan 2026 02:14 +0000at://did:plc:nycsxrdr35j75wf52ecagli3/app.bsky.feed.post/3mbneimxdu22yhttps://bsky.app/profile/safetycli.bsky.social/post/3m5wwvfof4c2qThe Safety research team has identified a new NPM based malware we are calling "Integrator-Filescrypt". This campaign uses a unique "cloaking" technique to hide from researchers and cloud providers. It's sneaky & very effective. Read more on our blog: https://www.getsafety.com/blog-posts/npm-malware-uses-cloaking18 Nov 2025 23:56 +0000at://did:plc:nycsxrdr35j75wf52ecagli3/app.bsky.feed.post/3m5wwvfof4c2qhttps://bsky.app/profile/safetycli.bsky.social/post/3m5juykgt6f2cSafety is on @bsky.app!13 Nov 2025 19:17 +0000at://did:plc:nycsxrdr35j75wf52ecagli3/app.bsky.feed.post/3m5juykgt6f2c