A researcher managed to breach over 35 major companies’ internal systems, including Apple, Microsoft, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack, reports Bleeping Computer.
The article says the attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the company’s internal applications. Apple has told BleepingComputer that Birsan will get a reward via the Apple Security Bounty program for responsibly disclosing this issue.
