XZ Trojan highlights software supply chain risk posed by ‘sock puppets’

The high-profile compromise of the XZ Utils open-source compression library, disclosed last week, highlights an under-reported threat: social engineering attacks that target open-source package maintainers and other developers to stage software supply chain attacks. 

The post XZ Trojan highlights software supply chain risk posed by ‘sock puppets’ appeared first on Security Boulevard.