Comment by detente18
2 days ago
Update:
- Impacted versions (v1.82.7, v1.82.8) have been deleted from PyPI
- All maintainer accounts have been changed
- All keys for github, docker, circle ci, pip have been deleted
We are still scanning our project to see if there's any more gaps.
If you're a security expert and want to help, email me - krrish@berri.ai
Update 2 (03/25/2026):
- We will be holding a townhall on Friday to review the incident and share next steps (https://lnkd.in/gsbTdCe7)
- We can confirm a bad version of Trivy security scanner ran in our CI/CD pipeline, which would have led to the supply chain attack
- We have paused new releases until we've completed securing our codebase and release pipeline to ensure safe releases for users
- We've added additional github/gitlab ci scripts for checking if you're impacted: https://lnkd.in/gGicMkby
We hope to share a full RCA in the coming days. Until then, if there's anything we can do to help your team - please let me know. You can email me (krrish@berri.ai), or join the discussion on github (https://lnkd.in/g9TuuQ2H).
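The update above points readers at CI scripts for checking whether they are impacted; those scripts are not reproduced here. The following is an added example of that kind of check, not the project's own script: it scans pip-style requirement lines (a requirements.txt or `pip freeze` output) for exact pins to the two versions named above, and separately flags unpinned ranges that could have resolved to one of them. The package name `example-package` is a placeholder; substitute the affected package's PyPI name.

```python
import re

# Versions named as impacted in the update above.
IMPACTED_VERSIONS = {"1.82.7", "1.82.8"}

# Matches "name==version" pins as written by `pip freeze` or in a
# requirements.txt, tolerating surrounding whitespace and trailing text
# (environment markers, comments).
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.+!]+)")


def normalize_name(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def normalize_version(version: str) -> str:
    """Strip a leading 'v' so 'v1.82.7' and '1.82.7' compare equal."""
    return version[1:] if version[:1] in ("v", "V") else version


def find_impacted(lines, package, impacted_versions=IMPACTED_VERSIONS):
    """Return (line_no, line) pairs that pin `package` to an impacted version.

    `lines` is an iterable of requirement lines. Only exact '==' pins are
    considered here; ranges are reported separately by find_unpinned().
    """
    wanted = normalize_name(package)
    bad = {normalize_version(v) for v in impacted_versions}
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = _PIN_RE.match(line)
        if not m:
            continue
        name, version = m.group(1), normalize_version(m.group(2))
        if normalize_name(name) == wanted and version in bad:
            hits.append((lineno, line.strip()))
    return hits


def find_unpinned(lines, package):
    """Return lines that mention `package` without an exact '==' pin.

    Such a requirement could have resolved to an impacted version at build
    time, so the actual lockfile or built image needs to be checked.
    """
    wanted = normalize_name(package)
    out = []
    for lineno, line in enumerate(lines, start=1):
        stripped = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", stripped)
        if m and normalize_name(m.group(1)) == wanted and "==" not in stripped:
            out.append((lineno, stripped))
    return out


# Constructed sample input; 'example-package' is a placeholder name, not a real dependency list.
SAMPLE_FREEZE = """\
# requirements.txt (constructed sample)
Example-Package==1.82.7
requests==2.31.0
example_package>=1.80
fastapi==0.110.0
"""

if __name__ == "__main__":
    lines = SAMPLE_FREEZE.splitlines()
    for lineno, line in find_impacted(lines, "example-package"):
        print(f"IMPACTED line {lineno}: {line}")
    for lineno, line in find_unpinned(lines, "example-package"):
        print(f"CHECK    line {lineno}: {line} (no exact pin, verify resolved version)")
```

Run it against `pip freeze` output from each environment or image rather than only the source requirements file, since an unpinned range tells you nothing about which version was actually installed.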
> All maintainer accounts have been changed
What about the compromised accounts (as in your main account)? Are they completely unrecoverable?
I deleted it, to be safe.
Dropped you a mail from mads.havmand@nansen.ai
[flagged]
> If you're a security expert and want to help, email me ...
And
> Dropped you a mail from [email]
I don't think there is any indication of a compromise, they are just offering help.
We were not. I reached out to the team at BerriAI to offer my assistance as a security professional, given that they requested help from security experts.