Good to see @Phylum_IO raising "Dependency Confusion" as #3 in this list of software supply chain threats. I remember getting hit by this with an NPM pkg and you don't hear much about this risk. phylum.io/why-phylum
@jzcoder Thanks for the mention, John! Heads up, we have a roundtable coming up with our research team if you're interested in discussing more in-depth. You can register here: us06web.zoom.us/webinar/regist…
@jzcoder @Phylum_IO This is one we see a ton of. A lot show significant code similarity to some bugbounty howto articles, but if I was an attacker, I’d masquerade that way too