{"id":122288,"date":"2026-04-11T12:04:53","date_gmt":"2026-04-11T12:04:53","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/"},"modified":"2026-04-11T12:05:52","modified_gmt":"2026-04-11T12:05:52","slug":"two-different-attackers-poisoned-popular-open-source-tools-the-register","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/","title":{"rendered":"Two different attackers poisoned popular open source tools \u2022 The Register"},"content":{"rendered":"<p> <a href=\"https:\/\/go.fiverr.com\/visit\/?bta=1052423&nci=17043\" Target=\"_Top\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/fiverr.ck-cdn.com\/tn\/serve\/?cid=40081059\"  width=\"601\" height=\"201\"><\/a>\n<\/p>\n<div id=\"body\">\n<p><span class=\"label\">FEATURE<\/span> Two provide chain assaults in March contaminated open supply instruments with malware and used this entry to steal secrets and techniques from tens of hundreds \u2013 if no more \u2013 organizations. We cannot know the complete blast radius for months.<\/p>\n<p>Each focused widespread open supply initiatives which are utilized by a ton of organizations and built-in into numerous software program merchandise, apps, and developer environments.<\/p>\n<p>First, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/24\/1k_cloud_environments_infected_following\/\">attackers hit Trivy<\/a>, a vulnerability scanner with greater than 100,000 customers and contributors that&#8217;s embedded in hundreds of CI\/CD pipelines. Up subsequent: <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/31\/axios_npm_backdoor_rat\/\">Axios<\/a>, an open-source JavaScript library that has about 100 million weekly downloads and runs in 80 p.c of cloud and code environments.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\">\n        <noscript><br \/>\n            <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"><br \/>\n                <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt=\"\"\/><br \/>\n            <\/a><br \/>\n        <\/noscript>\n    <\/div>\n<p>&#8220;Each of those campaigns will probably play out over a number of months,&#8221; Mandiant Consulting CTO Charles Carmakal advised <em>The Register<\/em>. &#8220;The information that was taken just a few weeks in the past will probably be leveraged this week, subsequent week, subsequent month \u2013 most likely for a number of months \u2013 and the blast radius will proceed to increase.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><br \/>\n                    <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                        <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                    <\/a><br \/>\n                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>Though executed by completely different attackers \u2013 Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of smash-and-grab miscreants referred to as TeamPCP \u2013 each had related finish objectives, a deep understanding of developer environments, and superior social engineering abilities.<\/p>\n<p>In keeping with safety consultants, the incidents reveal the way forward for supply-chain assaults.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>&#8220;We&#8217;re seeing increasingly more builders focused by any such exercise,&#8221; Cisco Talos outreach lead Nick Biasini advised <em>The Register<\/em>. &#8220;Attackers are beginning to actually have a look at the availability chain and open supply packages, and determine methods to compromise builders to ship malware or collect knowledge, relying on the kind of menace.&#8221;<\/p>\n<p>It will change into much more frequent as attackers use AI to make their social engineering campaigns extra plausible and hyper-personalized to focused individuals and organizations, Biasini added.<\/p>\n<p>&#8220;In right this moment&#8217;s world, with AI and the sort of public personas that individuals hold, it is more and more straightforward to construct assaults,&#8221; he mentioned. &#8220;If there&#8217;s some huge cash at stake, there&#8217;s going to be lots of people operating to money in. So with this success, I anticipate to see extra.&#8221;<\/p>\n<h3 class=\"crosshead\">Vuln scanner as preliminary assault vector<\/h3>\n<p>TeamPCP compromised Trivy, an open supply vulnerability scanner maintained by Aqua Safety in late February, then injected credential-stealing malware into the scanner on March 16 by the binary, GitHub Actions, and container pictures. This malware hoovered up CI\/CD secrets and techniques, cloud credentials, SSH keys, and Kubernetes configuration information, and planted persistent backdoors on builders&#8217; machines. It additionally gave the assaults an preliminary entry vector into a number of different open supply instruments.<\/p>\n<p>Then, on March 23, the identical crew used CI\/CD secrets and techniques stolen from the Trivy intrusion to inject the identical malware into open supply static evaluation device KICS, maintained by Checkmarx. Days later, TeamPCP <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/\">published malicious versions of LiteLLM<\/a> and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/30\/telnyx_pypi_supply_chain_attack_litellm\/\">Telnyx<\/a> to the Python Package deal Index (PyPI), each of which use Trivy of their CI\/CD pipeline.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ado45A_6hHMMDCwPzp8pCAAAAFA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>&#8220;I believe they went after safety instruments intentionally,&#8221; Ben Learn, who leads the cyber menace intel workforce at Wiz, advised <em>The Register<\/em>. &#8220;It may very well be giving the finger to individuals and brashness, or they noticed a market alternative as a result of odd issues occur in safety environments, and they do not get watched as carefully. However the larger image is: These items could be very accessible.&#8221;<\/p>\n<p>TeamPCP, the group behind the Trivy and different open supply provide chain assaults, first confirmed up on the cybercrime scene on the finish of 2025, concentrating on cloud environments in data-theft and extortion operations.<\/p>\n<blockquote class=\"pullquote\">\n<p>Their model was very a lot smash-and-grab. It was primarily about pace, simply grabbing all the things, and getting out shortly.<\/p>\n<\/blockquote>\n<p>Researchers at Flare, a menace publicity administration supplier, had been among the many first to <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/flare.io\/learn\/resources\/blog\/teampcp-cloud-native-ransomware\">sound the alarm about TeamPCP<\/a>. In December, Flare detailed how the hacking crew exploited misconfigured Docker APIs, Kubernetes APIs, Ray dashboards, Redis servers, and weak React\/Subsequent.js purposes. After compromising one workload, the criminals used that entry to maneuver laterally throughout whole clusters, monetizing stolen knowledge for ransom and utilizing uncovered infrastructure for crypto-mining, proxy networks, scanning, and knowledge internet hosting.<\/p>\n<p>&#8220;The operation&#8217;s objectives had been to construct a distributed proxy and scanning infrastructure at scale, then compromise servers to exfiltrate knowledge, deploy ransomware, conduct extortion, and mine cryptocurrency,&#8221; Flare analysts wrote on the time.<\/p>\n<p>&#8220;Initially, there&#8217;s not a ton to differentiate them from the opposite, comparatively noisy, financially motivated teams claiming stuff on-line,&#8221; Learn mentioned.<\/p>\n<p>Infosec researchers consider TeamPCP is a loosely knit group of younger individuals, primarily English audio system impressed by influencer tradition and YouTube traits. The miscreants wish to brag about their exploits on Telegram and Discord channels, a trait they share with different assault gangs like The Com, Lapsus$, Scattered Spider, and ShinyHunters.<\/p>\n<p>&#8220;They&#8217;re clearly impressed by the communication model of Lapsus$,&#8221; Learn mentioned, noting the group <a href=\"https:\/\/www.wiz.io\/blog\/trivy-compromised-teampcp-supply-chain-attack\" rel=\"nofollow\">points to a Rickroll video<\/a> in its malicious area, and hid a secret message saying &#8220;thanks for not being a vibe researcher&#8221; in its blockchain-based command-and-control infrastructure.<\/p>\n<p>&#8220;They&#8217;re conscious individuals are watching them, and they&#8217;re leaning into that, attempting to create this imaginative and prescient of themselves,&#8221; he added.<\/p>\n<p>Plus, because the group&#8217;s December assaults after which Trivy compromise confirmed, TeamPCP &#8220;positively know the developer atmosphere nicely,&#8221; Learn mentioned. &#8220;And they&#8217;re clearly leaning on LLMs to develop a few of their code.&#8221;<\/p>\n<p>Developer environments are usually well-documented &#8211; and this lends itself to utilizing LLMs to help find misconfigurations, and writing and injecting malicious code into packages.<\/p>\n<p>&#8220;Their model was very a lot smash-and-grab,&#8221; in all 4 of the open supply compromises, Learn says. &#8220;In the entire circumstances, they had been present in lower than 12 hours. They weren&#8217;t attempting to masks stuff or discover one precious factor and get out silently. It was primarily about pace, simply grabbing all the things, and getting out shortly.&#8221;<\/p>\n<blockquote class=\"centredquote\">\n<p>North of 10,000 organizations had been probably impacted<\/p>\n<\/blockquote>\n<p>Even when the assault wasn&#8217;t elegant, it nonetheless amassed an enormous quantity of credentials \u2013 &#8220;so giant, that the adversary began soliciting assist from quite a lot of different menace actors to do issues with the stolen credentials,&#8221; Carmakal mentioned.<\/p>\n<p>In whole, TeamPCP stole credentials for greater than 10,000 organizations, in accordance with Carmakal, though that does not essentially imply they&#8217;ve since compromised that many environments to steal knowledge or carry out different nefarious acts.<\/p>\n<p>&#8220;North of 10,000 organizations had been probably impacted,&#8221; he mentioned. &#8220;It was actually fascinating and fairly alarming to see what number of credentials these people had efficiently obtained from an entire bunch of compromise endpoints.&#8221;<\/p>\n<p>Carmakal doubts the gang has ended its rampage. &#8220;We assess that the menace actor, so long as they proceed to leverage these credentials and these secrets and techniques, they&#8217;re going to probably proceed to compromise extra environments,&#8221; he mentioned. &#8220;As they compromise extra environments, they&#8217;re going to get extra secrets and techniques, extra credentials, and hold going till they select to cease, or legislation enforcement takes motion, or there&#8217;s another disruption exercise that happens.&#8221;<\/p>\n<h3 class=\"crosshead\">In one other open supply galaxy, not so far-off&#8230;<\/h3>\n<p>Then, simply two weeks after Trivy, one other provide chain assault hit a special open-source library.<\/p>\n<p>On March 31, Axios, one in all npm&#8217;s most generally used HTTP shopper libraries, grew to become a malware supply automobile for about three hours after attackers hijacked a maintainer&#8217;s account and slipped a remote-access trojan (RAT) into two seemingly respectable releases.<\/p>\n<p>Google&#8217;s Risk Intelligence Group attributed the assault to a suspected North Korean menace actor it tracks as UNC1069.<\/p>\n<p>&#8220;North Korean hackers have deep expertise with provide chain assaults, which they&#8217;ve traditionally used to steal cryptocurrency,&#8221; GTIG chief analyst John Hultquist advised <em>The Register<\/em> on the time. &#8220;The total breadth of this incident continues to be unclear, however given the recognition of the compromised package deal, we anticipate it can have far reaching impacts.&#8221;<\/p>\n<p>Axios&#8217; major maintainer Jason Saayman later printed a <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/github.com\/axios\/axios\/issues\/10636\">detailed post-mortem<\/a>, and mentioned the ways mirrored Google&#8217;s February evaluation of <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc1069-targets-cryptocurrency-ai-social-engineering?e=48754805\">UNC1069<\/a>, and its use of AI-enabled social engineering to focus on cryptocurrency corporations with customized malware.<\/p>\n<p>The attackers reached out to Saayman pretending to be an organization founder \u2013 after making a digital clone of the actual firm and its founders. Additionally they constructed a practical Slack workspace, full with worker profiles and posts, after which invited Saayman to affix.<\/p>\n<p>&#8220;The gentleman who was the preliminary sufferer received an invitation to collaborate,&#8221; Learn mentioned. &#8220;That is how the web is meant to work: Two individuals from throughout the globe collaborating on a mission that helps different individuals. However it was North Korea.&#8221;<\/p>\n<blockquote class=\"centredquote\">\n<p>This was the RAT<\/p>\n<\/blockquote>\n<p>After gaining Saayman&#8217;s belief, the criminals lured him into becoming a member of a Groups assembly. When he joined, nonetheless, Groups advised Saayman his software program was old-fashioned, and he wanted to put in an replace to proceed. &#8220;This was the RAT,&#8221; he wrote within the autopsy.<\/p>\n<p>The malware gave UNC1069 entry to Saayman&#8217;s machine, and this allowed them to push malicious updates to the Axios mission, ensuing any system that put in the compromised packages throughout the three-hour window downloaded a stealer that exfiltrated customers non-public keys and credentials, sending them to an attacker-controlled server.<\/p>\n<p>The variety of downstream victims is unknown.<\/p>\n<p>&#8220;This was a really subtle marketing campaign,&#8221; Biasini mentioned. &#8220;They did rather a lot to compromise this explicit sufferer, and there is not rather a lot that will have tipped them that there have been issues.&#8221;<\/p>\n<p>North Korean criminals have focused builders \u2013 and corporations trying to rent builders \u2013 for years, with state-sponsored offensive cyber operations that embody <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/09\/05\/fbi_north_korean_scammers_prepping\/\">cryptocurrency theft<\/a>, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/02\/24\/north_koreas_lazarus_group_healthcare_medusa_ransomware\/\">ransomware and extortion attacks<\/a>, and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/07\/13\/fake_it_worker_problem\/\">IT worker scams<\/a>. Extra not too long ago, they&#8217;ve additionally begun instantly going after builders, utilizing lures like <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/10\/20\/ai_prompt_saved_developer\/\">job interviews and meetings<\/a> to compromise their machines and steal credentials and cryptocurrency wallets.<\/p>\n<p>&#8220;North Korea&#8217;s received this flywheel of understanding, the place they have the IT staff who&#8217;re getting actual jobs, they usually additionally perceive developer environments and the way they work from a technical perspective,&#8221; Learn mentioned. &#8220;From what we have seen, and what we inform our clients: That is going to maintain occurring.&#8221;<\/p>\n<h3 class=\"crosshead\">What to anticipate once you&#8217;re defending<\/h3>\n<p>Each supply-chain assaults illustrate how adversaries will all the time select the trail of least resistance, whether or not which means logging in with compromised credentials or social engineering the only real maintainer on an open supply mission that underpins a lot of the web.<\/p>\n<p>&#8220;They understand that as a substitute of attempting to bang my means into these corporations, it is a lot better for me to go after the one, possibly two individuals which are sustaining this open supply package deal,&#8221; Biasini mentioned. &#8220;And by compromising these packages, they&#8217;ll create an enormous quantity of alternative in a wide selection of areas.&#8221;<\/p>\n<p>If there is a silver lining available, it is that each incidents &#8220;created an entire bunch of consciousness of this drawback that everyone&#8217;s coping with proper now with compromised packages,&#8221; Carmakal mentioned. &#8220;And it reintroduces the dialog of SBOMs &#8211; software program bill-of-materials.&#8221;<\/p>\n<p>This basically serves as an <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/02\/28\/supply_chain_security_chainguard\/\">&#8220;ingredients list&#8221; for software components<\/a>, together with open supply, third-party, and proprietary code.<\/p>\n<p>&#8220;The largest factor that you are able to do is perceive the place your threat is,&#8221; Biasini mentioned. &#8220;If a supply-chain assault occurs, you need to be capable to shortly decide the place is that this package deal being utilized in the environment, and the place are our potential an infection factors? One of the best factor you are able to do as defenders is just be sure you have these SBOMs, perceive the place these packages are, and try to triage as shortly as you possibly can.&#8221;<\/p>\n<p>Biasini suggests utilizing AI brokers to assist. &#8220;This may be an incredible place to leverage AI,&#8221; he mentioned. &#8220;Begin turning on AI brokers to determine the place these open supply initiatives are in your atmosphere.&#8221;<\/p>\n<p>All the safety consultants we spoke with famous the speedy detection time in these provide chain assaults. &#8220;Inside 12 hours normally,&#8221; Learn mentioned. &#8220;This wasn&#8217;t one thing that was mendacity there silently for a very long time.&#8221;<\/p>\n<p>There&#8217;ll all the time be a window between each time code is poisoned and the time it is detected in a supply-chain assault. That window presents a chance for organizations to keep away from downloading malware onto their programs and machines, he added.<\/p>\n<p>&#8220;Should you create a rule in your improvement environments the place you do not obtain any variations newer than 24 hours, you&#8217;ll have skipped these,&#8221; Learn mentioned. &#8220;It is simple to say, exhausting to implement constantly, particularly with Jim from accounting spinning up Claude and now all people&#8217;s a developer.&#8221;<\/p>\n<p>Nonetheless, imposing some kind of brief delay, coupled with SBOMs, figuring out what software program runs on which machines, and the place secrets and techniques stay, may also help organizations higher &#8220;reply and prioritize effectively,&#8221; he added.<\/p>\n<p>&#8220;Social engineering is not going away,&#8221; in accordance with Biasini. &#8220;It will get actually dangerous with deep fakes, voice cloning, and video cloning. Organizations ought to already be planning for safe phrases, safe objects.&#8221; He is speaking a few bodily object, one thing you may have in your desk that you may decide up and show your identification to the individual on the opposite finish of the video name.<\/p>\n<p>&#8220;Ensuring that you&#8217;ve got the issues in place now to cope with the stuff that is going to be coming, as a result of quickly you are going to have your CEO or your boss displaying up on a video name demanding that you just do one thing that appears odd. And if you do not have these protections in-built already, it may be exhausting to face them up.&#8221; \u00ae<\/p>\n<\/p><\/div>\n<iframe data-lazy=\"true\" data-src=\"https:\/\/www.fiverr.com\/gig_widgets?id=U2FsdGVkX18x7XQvttUTrv1oEqmGNGTgvvCUiUoJ\/AP4z\/UyMz8lXGOLpu15jIMxBbTR0gmD5uBoFvhC4KWeALQRp3h\/X\/AwcVD0K8Wj9H\/ZzYKzcCNHosB9oS4SCJJFWiN85P9ICAc4OgCoE\/wHKIY7CDkf2\/DQ1vqGvk4smVe5cRDEmrLPCWi4FC8p40VUhSmWQ5udCm0zoJtorgWv3vbDQw0kKYkwn39ozAnQXDe+YvWMxkLFWA+O3TFwkJvdkIK+\/AUSnRssPKt5WHY0FhNOxnSPcLslEL4G4\/RfP95ve99U+kRnDy3X+KtzdQLY+u935ghON\/o3UE4IMv9oN6JX9RnxzL\/LRcOgnHigxStSGPKsZYtnz8RWNVT\/rOLAibqiWJadC5MYHRbekF3eg6FOGrQGkXYbsn0+a5aovnlLCbLwIqY9fcS17UX8J235iQ6cdmHNbrPeS84CMm34RA==&affiliate_id=1052423&strip_google_tagmanager=true\" loading=\"lazy\" data-with-title=\"true\" class=\"fiverr_nga_frame\" frameborder=\"0\" height=\"350\" width=\"100%\" referrerpolicy=\"no-referrer-when-downgrade\" data-mode=\"random_gigs\" onload=\" var frame = this; var script = document.createElement('script'); script.addEventListener('load', function() { window.FW_SDK.register(frame); }); script.setAttribute('src', 'https:\/\/www.fiverr.com\/gig_widgets\/sdk'); document.body.appendChild(script); \" ><\/iframe>\n<br \/><a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2026\/04\/11\/trivy_axios_supply_chain_attacks\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FEATURE Two provide chain assaults in March contaminated open supply instruments with malware and used this entry to steal secrets and techniques from tens of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":122289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-122288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-universe"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog<\/title>\n<meta name=\"description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog\" \/>\n<meta property=\"og:description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/\" \/>\n<meta property=\"og:site_name\" content=\"mailinvest.blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/freelanceracademic\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-11T12:04:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-11T12:05:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"660\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin@mailinvest.blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin@mailinvest.blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/\"},\"author\":{\"name\":\"admin@mailinvest.blog\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\"},\"headline\":\"Two different attackers poisoned popular open source tools \u2022 The Register\",\"datePublished\":\"2026-04-11T12:04:53+00:00\",\"dateModified\":\"2026-04-11T12:05:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/\"},\"wordCount\":2329,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/two_hackers_spies.jpg\",\"articleSection\":[\"Tech Universe\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/\",\"name\":\"Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/two_hackers_spies.jpg\",\"datePublished\":\"2026-04-11T12:04:53+00:00\",\"dateModified\":\"2026-04-11T12:05:52+00:00\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/two_hackers_spies.jpg\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/two_hackers_spies.jpg\",\"width\":1000,\"height\":660},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2026\\\/04\\\/11\\\/two-different-attackers-poisoned-popular-open-source-tools-the-register\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mailinvest.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Two different attackers poisoned popular open source tools \u2022 The Register\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"name\":\"mailinvest.blog\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mailinvest.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\",\"name\":\"mailinvest\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"width\":1000,\"height\":1000,\"caption\":\"mailinvest\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/freelanceracademic\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\",\"name\":\"admin@mailinvest.blog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"caption\":\"admin@mailinvest.blog\"},\"sameAs\":[\"https:\\\/\\\/mailinvest.blog\",\"admin@mailinvest.blog\"],\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/author\\\/adminmailinvest-blog\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/","og_locale":"en_US","og_type":"article","og_title":"Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog","og_description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","og_url":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/","og_site_name":"mailinvest.blog","article_publisher":"https:\/\/www.facebook.com\/freelanceracademic\/","article_published_time":"2026-04-11T12:04:53+00:00","article_modified_time":"2026-04-11T12:05:52+00:00","og_image":[{"width":1000,"height":660,"url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg","type":"image\/jpeg"}],"author":"admin@mailinvest.blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin@mailinvest.blog","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#article","isPartOf":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/"},"author":{"name":"admin@mailinvest.blog","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4"},"headline":"Two different attackers poisoned popular open source tools \u2022 The Register","datePublished":"2026-04-11T12:04:53+00:00","dateModified":"2026-04-11T12:05:52+00:00","mainEntityOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/"},"wordCount":2329,"commentCount":0,"publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg","articleSection":["Tech Universe"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/","url":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/","name":"Two different attackers poisoned popular open source tools \u2022 The Register - mailinvest.blog","isPartOf":{"@id":"https:\/\/mailinvest.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#primaryimage"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg","datePublished":"2026-04-11T12:04:53+00:00","dateModified":"2026-04-11T12:05:52+00:00","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","breadcrumb":{"@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#primaryimage","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2026\/04\/two_hackers_spies.jpg","width":1000,"height":660},{"@type":"BreadcrumbList","@id":"https:\/\/mailinvest.blog\/index.php\/2026\/04\/11\/two-different-attackers-poisoned-popular-open-source-tools-the-register\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mailinvest.blog\/"},{"@type":"ListItem","position":2,"name":"Two different attackers poisoned popular open source tools \u2022 The Register"}]},{"@type":"WebSite","@id":"https:\/\/mailinvest.blog\/#website","url":"https:\/\/mailinvest.blog\/","name":"mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailinvest.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailinvest.blog\/#organization","name":"mailinvest","url":"https:\/\/mailinvest.blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","width":1000,"height":1000,"caption":"mailinvest"},"image":{"@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/freelanceracademic\/"]},{"@type":"Person","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4","name":"admin@mailinvest.blog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","caption":"admin@mailinvest.blog"},"sameAs":["https:\/\/mailinvest.blog","admin@mailinvest.blog"],"url":"https:\/\/mailinvest.blog\/index.php\/author\/adminmailinvest-blog\/"}]}},"_links":{"self":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/122288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/comments?post=122288"}],"version-history":[{"count":1,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/122288\/revisions"}],"predecessor-version":[{"id":122290,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/122288\/revisions\/122290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media\/122289"}],"wp:attachment":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media?parent=122288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/categories?post=122288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/tags?post=122288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}