Arcitecta, a creative and innovative data management software company, today announced that the National Film and Sound Archive of Australia (NFSA) has selected Arcitecta’s Mediaflux® platform to serve as its central Digital Asset Management System (DAMS), marking a significant step in its digital transformation journey. This initiative is part of a broader strategy to enhance the discoverability, preservation and public accessibility of Australia’s audiovisual heritage, ensuring its continued relevance and value for future generations.
As digital assets grow at an unprecedented rate, traditional storage models and outdated workflows are no longer sufficient for institutions committed to preserving and providing access to cultural heritage. The NFSA faced mounting challenges in managing the scale, complexity and growing demand for access to its digital collections. Key requirements for its transformation included the ability to:
- Enhance digital discovery and engagement through improved online experiences and social platform integration;
- Replace legacy systems with a state-of-the-art, centralized platform that streamlines workflows and integrates seamlessly with existing collection and exhibition management tools;
- Support the government-funded digitization of at-risk materials across multiple National Cultural Institutions; and
- Automate external contributor workflows and reduce reliance on manual, labor-intensive asset handling processes.
NFSA selected Arcitecta’s Mediaflux following a rigorous evaluation, in which it distinguished itself with a unified, intelligent approach to data management. The platform delivers scalable, future-proof capabilities for metadata enrichment, long-term preservation and seamless integration with NFSA’s broader digital ecosystem. Mediaflux enables intelligent data tiering, automation and policy-driven governance—eliminating silos while enhancing operational efficiency.
This project reflects a larger trend within the GLAMs (galleries, libraries, archives and museums) sector as institutions adopt scalable, cloud-ready and metadata-driven platforms to address the growing demands of digital stewardship, research innovation and public engagement.
Through a multi-phase implementation, NFSA will modernize its workflows, making it significantly easier for external contributors to submit and access materials. The project is designed to support the long-term preservation of Australia’s cultural legacy while equipping NFSA with cutting-edge tools for managing digital assets.
The first phase is focused on three key areas to optimize critical aspects of NFSA’s operations:
- Intelligent Metadata Management – Mediaflux will automate metadata ingestion and contextual enrichment, improving archival searchability and aligning with evolving storage formats.
- Next-Gen Collections Management – A robust digital accessioning workflow will streamline how new materials are curated and preserved.
- Seamless Contributor Interaction – An intuitive web portal will allow external parties—broadcasters, donors, and production houses—to securely deposit and withdraw digital assets, simplifying ingest and access.
To support these initiatives with a strong technical foundation, NFSA is integrating advanced infrastructure and storage solutions tailored for performance, scalability, and sustainability. Wasabi’s cloud storage integration, managed by Mediaflux, offers cost-effective scalability, no egress fees and intelligent tiering to optimize storage efficiency and sustainability.
Dell PowerScale flash and archive solutions are powering the high-speed digitization and long-term preservation of archive collections, enabling instant access to priceless history at scale.
Why Mediaflux
Mediaflux enables organizations to unify and consolidate digital assets across diverse formats and departments within a single, cohesive platform. Purpose-built for petabyte-scale data environments, it delivers real-time performance and advanced metadata automation to streamline complex workflows. Mediaflux combines deep domain expertise with flexible customization. Its robust capabilities also unlock new monetization and audience engagement opportunities by making enriched collections more accessible than ever before.
In addition, Arcitecta’s proven track record delivering DAMS solutions to institutions, combined with its deep experience in complex, multi-industry environments, gave NFSA confidence in its ability to provide reliable support, ongoing maintenance and adaptability to future needs.
Resources
npm malware campaign stealing developer credentials across platforms
Posted in Commentary with tags Hacked on October 30, 2025 by itnerdRecently, cybersecurity researchers disclosed two sophisticated npm malware campaigns targeting developer credentials across Windows, macOS, and Linux systems. Socket researchers discovered 10 malicious packages with over 9,900 downloads, while Koi Security identified an ongoing campaign dubbed PhantomRaven involving 126 infected packages with 86,434 downloads. Both campaigns use advanced evasion techniques: PhantomRaven exploits Remote Dynamic Dependencies and AI-driven “slopsquatting,” while the Socket-discovered malware uses four layers of obfuscation to harvest credentials from system keyrings, browsers, and authentication services.
You get more details here: 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
CTO of DryRun Security, Ken Johnson had this comment:
“Attackers are getting better at blending in. The fake “nodejs-smtp” package posing as Nodemailer and a swarm of ten typosquatted npm packages prove it. These weren’t one-off prank packages tossed onto the registry, they behaved like legitimate libraries while performing post-install tricks that turn normal developer workflows into an attack surface.
Both incidents share the same playbook: abuse the packaging and install steps. In the nodejs-smtp case the attacker unpacked and modified an app archive and repackaged it; in the recent npm cluster the payload is triggered automatically via postinstall hooks, spawns a separate terminal to run an obfuscated loader, shows a fake CAPTCHA and then pulls a large PyInstaller stealer. That stealer targets system keyrings, browsers, SSH keys and other persisted secrets on Windows, Linux and macOS, exactly the kinds of credentials developers and CI systems rely on every day.
Vetting dependencies is necessary but no longer sufficient. Teams need visibility and controls that extend beyond “what” is pulled from npm or PyPI to cover “what happens next” packaging, install scripts, build artifacts and runtime behavior. Postinstall hooks, repackaging steps, and terminal-spawned payloads are all legitimate mechanisms that attackers now weaponize, so they deserve attention.
Operationally that means treating installs and builds as untrusted execution: run package installs in ephemeral, isolated CI containers; require reproducible builds and signed artifacts; scan for postinstall hooks and typosquatted names before they reach CI; monitor outbound connections from build hosts; and lock down access to OS credential stores (or use vaults that don’t expose plaintext secrets). Add integrity checks and SBOMs into the pipeline so you can detect unexpected changes to archives and binaries early.
In short: shrink the implicit trust you place in the build and install process. The boundary that used to stop at “dependency X is okay” has moved and attackers are now weaponizing packaging and install-time behavior to reach secrets and persistence. If you only scan package names and static source, you’ll miss the parts of the pipeline where real compromise happens.”
Developers are a key part of security. Thus they need to make sure everything that they do is focused on putting out code that is secure by default. These days it’s a requirement to do so.
Leave a comment »