Add blog post for crates.io incident on 24.09.25

[walterhpearce]

cc @Turbo87 @pietroalbini @LawnGnome @carols10cents

Rendered

[lqd]

Suggested change

	The malicious code was executed at runtime, when running or testing a project depending on them. Notably, they did not execute any malicious code at build time. Except for their malicious payload, these crates copied the source code, features, documentation of legitimate crates, using a similiar name to them (a case of typosquatting[^typosquatting]).
	The malicious code was executed at runtime, when running or testing a project depending on them. Notably, they did not execute any malicious code at build time. Except for their malicious payload, these crates copied the source code, features, documentation of legitimate crates, using a similar name to them (a case of typosquatting[^typosquatting]).

[lqd]

Suggested change

	These crates had no dependenant downstream crates on crates.io.
	These crates had no dependent downstream crates on crates.io.

?

[lqd]

Suggested change

	The crates then proceeded to exflitrate the results of this search to `https://mainnet[.]solana-rpc-pool[.]workers[.]dev/`.
	The crates then proceeded to exfiltrate the results of this search to `https://mainnet[.]solana-rpc-pool[.]workers[.]dev/`.

[lqd]

Suggested change

	On September 24th, the crates.io team was notified by Kirill Boychenko from the [Socket Threat Research Team][socket] of two malicious crates which were actively searching file contents for Etherum private keys, Solona private keys, and arbitrary byte arrays for exflitration.
	On September 24th, the crates.io team was notified by Kirill Boychenko from the [Socket Threat Research Team][socket] of two malicious crates which were actively searching file contents for Ethereum private keys, Solona private keys, and arbitrary byte arrays for exfiltration.