Software supply-chain attacks are no longer rare events(wired.com)
wired.com
Software supply-chain attacks are no longer rare events
https://www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/
1 comments
They are not stealing the package.
They are using it as a door into developer machines, CI, tokens, and customer systems.