Empowering everyone to build reliable and efficient software.
The Rust Security Response Team was notified of a vulnerability in the
third-party crate tar, used by Cargo to extract packages during a build. The
vulnerability, tracked as CVE-2026-33056, allows a malicious crate to change
the permissions on arbitrary directories on the filesystem when Cargo extracts
it during a build.
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply…
Collection of Cloudflare blog posts tagged 'Rust Workers'
A recently patched GitHub RCE flaw is raising broader questions about implicit trust in software supply chains. CodeHunter CEO…
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious…
Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better…
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on…
