XZ Trojan highlights software supply chain risk posed by 'sock puppets'
ReversingLabs Blog blog.reversinglabs.com
The high-profile compromise of the XZ Utils open-source compression library, disclosed last week, highlights an under-reported threat: social engineering attacks that target open-source package maintainers and other developers to stage software supply chain attacks.