
The year-long rash of supply chain attacks against open source is getting worse - Kaibeezy
https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/
======
Kaibeezy
_The unknown attacker made a subtle change to a Webmin script called
password_change.cgi. The change gave attackers the ability to send a command
through a special URL that an infected Webmin server would then execute with
root privileges. In version 1.890, which had more than 421,000 downloads
between June, 2018 and last weekend, the backdoor was turned on by default.
... Backdoored versions were distributed on SourceForge, which is the primary
distribution source the Webmin website points to._

