| ▲ | bobbylarrybobby 4 days ago | |
If they'd waited a week before using their ill-gotten credentials to update the packages, would they have been detected in that week? | ||
| ▲ | captn3m0 4 days ago | parent [-] | |
That is what the tj-actions attacker did: https://unit42.paloaltonetworks.com/github-actions-supply-ch... | ||