Hello,
This is a security advisory to let you know that none of the Scissors infrastructure has been compromised as part of the recent fractureiser malware discovery. Scissors is hosted on the Plexus CI server and I have ran the script provided by Prism Launcher and no results came up. I will continue to monitor the server for any changes. Note that any Scissors jars you may have downloaded that were NOT from the CI server may not be safe as apparently this malware attempts to infect all .jar files. We recommend only downloading the latest version from the Plexus CI server.
Note that Scissors was hosted on a separate Jenkins instance until very recently. That Jenkins installation was not affected. Fleek's dedicated server was being used to build Scissors as the agent provided by Wild was almost always offline. I have checked Fleek's dedicated server and that was not infected either. As far as I am aware, official builds of Scissors were not impacted and I will continue to monitor the
…