@arstechnica on Backlist

A hacker group is poisoning open-source code at unprecedented scale

Supply-chain attacks are moving from isolated package incidents to coordinated compromise campaigns against the software commons