A security researcher managed to breach the internal systems of over 35 major companies in a novel software supply chain attack. The attack leveraged a unique design flaw of open-source package ecosystems, called dependency confusion, through which malicious packages are pulled downstream automatically into a company's internal applications. Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber were among the targets. The researcher has earned well over $130,000 in bug bounties for his ethical research efforts.
Source: https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
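To make the "pulled downstream automatically" mechanism concrete from a defender's side, here is an added Python model of a package resolver; it is not code from the article or from the researcher's work. It assumes constructed package names (the `acme-` prefix), constructed private and public index contents, and a simplified version ordering, and it contrasts a naive "highest version from any index wins" resolver with one that pins internal names to the private index, plus an audit helper that lists private names that are also present publicly.

```python
"""
Model of how a dependency resolver falls victim to dependency confusion, and
of two mitigations (pinning internal names to the private index, and auditing
for shadowed names). All package names, versions and index contents here are
constructed for illustration; they are not real packages or registries.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple   # e.g. (1, 4, 2); tuple comparison gives version ordering
    source: str      # "private" or "public"


# Constructed registries. The company publishes "acme-internal-utils" only on
# its private index; the public index contains a package with the same name
# and a much higher version number.
PRIVATE_INDEX = {
    "acme-internal-utils": [(1, 4, 2)],
    "acme-billing-core": [(2, 0, 0)],
}
PUBLIC_INDEX = {
    "requests": [(2, 31, 0)],
    "acme-internal-utils": [(99, 0, 0)],   # same name, higher version
}

# Constructed naming convention: every private package starts with this prefix.
INTERNAL_PREFIX = "acme-"


def resolve_naive(name):
    """Weak behaviour: merge both indexes and take the highest version.

    This is the configuration that dependency confusion exploits: the
    public copy wins purely because its version number is larger.
    """
    candidates = [Candidate(name, v, "private") for v in PRIVATE_INDEX.get(name, [])]
    candidates += [Candidate(name, v, "public") for v in PUBLIC_INDEX.get(name, [])]
    if not candidates:
        raise LookupError(f"no candidate for {name}")
    return max(candidates, key=lambda c: c.version)


def resolve_pinned(name):
    """Hardened behaviour: names matching the internal convention are only
    ever fetched from the private index; everything else only from public.
    A public package that reuses an internal name is never considered."""
    if name.startswith(INTERNAL_PREFIX):
        versions, source = PRIVATE_INDEX.get(name, []), "private"
    else:
        versions, source = PUBLIC_INDEX.get(name, []), "public"
    if not versions:
        raise LookupError(f"no candidate for {name} on {source} index")
    return Candidate(name, max(versions), source)


def audit_shadowed_names(private_index, public_index):
    """Detection: return private package names that also exist publicly.

    Running this against a real private index and the public registry's
    name list is the cheap check that flags names at risk of confusion.
    """
    return sorted(set(private_index) & set(public_index))


if __name__ == "__main__":
    for pkg in ("acme-internal-utils", "acme-billing-core", "requests"):
        weak = resolve_naive(pkg)
        safe = resolve_pinned(pkg)
        print(f"{pkg}: naive -> {weak.source} {weak.version}, "
              f"pinned -> {safe.source} {safe.version}")
    print("shadowed names:", audit_shadowed_names(PRIVATE_INDEX, PUBLIC_INDEX))
```

The naive resolver mirrors what happens when a build tool is given both a private index and a public fallback with no rule about which names belong where; the pinned resolver is the shape of the fix (scope or prefix rules that bind internal names to one index), and the audit is the check to run before an attacker registers the name first.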