A security researcher hacked the internal systems of major companies like Apple, Microsoft, PayPal, and others using a supply chain attack he dubbed “dependency confusion.”
The attack took advantage of a flaw inherent in many popular installers used by developers to packages and dependencies. By uploading malware to open source repositories, researcher Alex Birsan was able to trick these installers into downloading his malicious code, according to a writeup he posted on Medium.
