Hackers compromised the GitHub account of freelance talent marketplace Toptal, gaining access to their entire repository of software, then injected malware into popular NPM packages.
Accessing the entire repository of a company to push malware via updates is a goal many hackers aspire to. If that company also happens to have a lot of popular software, the target is that much more enticing.
According to a Bleeping Computer report, hackers took over Toptal’s GitHub account and immediately set 73