Hijacking S3 Buckets: New Attack Technique Exploited in the Wild by Supply Chain Attackers
Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones. While this specific risk was mitigated, a quick glance through