Catalin Cimpanu on Nostr: A security researcher with the pseudonym 'neskafe3v1' hijacked 14 PHP libraries ...
A security researcher with the pseudonym 'neskafe3v1' hijacked 14 PHP libraries published on the Packagist repository as part of a stunt to help them find a job.
Four of the packages had more than 20 million downloads, with one package having 528 million lifetime downloads.
All done via breaking into weakly secured dev accounts.
Very reassuring our software supply chains are in good hands!
https://www.bleepingcomputer.com/news/security/researcher-hijacks-popular-packagist-php-packages-to-get-a-job/