A hacker group is poisoning open source code at an unprecedented scale
Summary
Ars Technica reports on TeamPCP’s unprecedented open source software supply chain attacks, including GitHub’s breach via a poisoned VS Code extension and the spread of tainted code across hundreds of repositories. The piece highlights the worm-like propagation, high-profile victims, and expert commentary on defensive hygiene and credential management to mitigate such threats.