An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players. The attack, devised by security researcher Alex Birsan, injects malicious code into common tools for installing dependencies in developer projects. The malicious code then uses these dependencies to propagate malware through a targeted company's internal applications and systems. The researcher received more than $130,000 in bug bounties and pre-approved financial arrangements with targeted organizations, who all agreed to be tested.
Source: https://threatpost.com/supply-chain-hack-paypal-microsoft-apple/163814/

