ADVERTISEMENT

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Running a routine Python pip update command on March 24 could’ve pulled malware that stole passwords and crypto savings. Running npm update a week later could've dropped a trojan. Critical LiteLLM and axios attacks expose just how vulnerable dependency trees are. But can you get infected just by running OS update commands like “apt update,” “dnf upgrade,” or “brew upgrade?”

burning computer

Image by PC Gamer / Getty Images

Ernestas Naprys
Ernestas Naprys Senior Journalist
Mar 31, 2026 Updated: 1 April 2026 5 min read

Open source supply chain attacks are raging

OS updates are a lot safer

Has my data been leaked?
sudo apt
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
ADVERTISEMENT

Many more repositories are vulnerable to attacks

Credentials, logins and passwords with hands
Image by Cybernews.
github logo
Github logo. By Shutterstock.

What can you do to protect yourself?

windows-updated
Image by Shutterstock.

ADVERTISEMENT