A hacker group is poisoning open source code at an unprecedented scale

A hacking group called TeamPC has been conducting a widespread software supply chain attack by poisoning open source code on GitHub with malware, impacting thousands of repositories. The campaign, which has been ongoing for months, involves injecting malicious code into popular open source projects to compromise downstream users at an unprecedented scale.