GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
I don’t know that it’s corporate sponsored so much as corporate subsidised: via LLMs that cost more to operate than people pay to use them…
Also probably a lot of well-intentioned AI code introduced vulnerabilities and bugs, with each bug providing opportunities for a new supply chain attack in the form of a fix…