A Microsoft server has been successfully hit by a dependency hijacking attack. The attack exploits a weakness called “dependency confusion” in how open-source repository managers retrieve the dependencies specified for a software package. In these automated supply-chain attacks, attackers inject malicious code. Microsoft has been identified as the source of the attack.
Source: security

