Researcher breaches 35 tech firms in a novel supply chain attack

3 years ago
Anonymous $K6XgmDN5_o

https://www.bleepingcomputer.com/news/security/copycats-imitate-novel-supply-chain-attack-that-hit-tech-giants/

This week, over 150 new packages have been published to the npm open-source repository named after private components being internally used by major companies.

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards.

Feb 12, 2021, 10:46pm UTC