Too Long; Didn't Read
Security researcher Alex Birsan breached the systems of over 35 tech companies in what has been described as a novel software supply chain attack. The attack is of particular significance because, unlike the traditional typosquatting or brandjacking supply-chain attacks that Sonatype has written about before, the targeted companies automatically received Birsan’s malicious packages without making any spelling mistakes and without any social engineering being involved. For demonstrating the seriousness of this type of attack, Birsan has been awarded upwards of $130,000 in bug bounties.