Software Packages With More Than 2 Billion Weekly Downloads Hit In Supply Chain Attack


via infosec.exchange

Short excerpt below. Read at the original source.

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in social media posts. Around the same time, […]
