Let this thread act as a table of contents for the software contributions found to be malicious or done in ill intent. With every story that you send in the comments, I will add a respective entry to the list in chronological order. Each entry in the chronology will show the date and the appropriate name, linking to your comment.
Please, give a summary in the words that you understand, point out the date it was effective and provide reliable links. These links may include the detailed report (required), malicious source and the fix (if any).
My take away is how can we prevent this from happening. A PR will be created from Weblate towards GitHub. I think there people can peer-review the translations before it’s getting merged.
EDIT: The problem is you can’t read all languages maybe. So translation PRs might require multiple approvals.