In what’s a novel supply chain attack, a security researcher managed to breach over 35 major companies’ internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution.
The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix
Source de l’article sur The Hacker News