New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.
Support the originator by clicking the read the rest link below.