• surewhynotlem@lemmy.world
      link
      fedilink
      English
      arrow-up
      32
      ·
      10 months ago

      To try and take over other people’s ci/cd pipelines and inject malware into otherwise legitimate application binaries.

    • phillaholic@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      ·
      10 months ago

      LastPass hack happened due to a developer logging I. On their home PV which had an outdated and vulnerable version of Plex installed. Swap outdated for “maliciously forked” and now attackers have legit code that can run for months before they use what they’ve injected to take over.