From bleepingcomputer.com
Microsoft has once again been successfully hit by a dependency hijacking attack.
Previously, as first reported by BleepingComputer, a researcher had ethically hacked over 35 major tech firms, including Microsoft, by exploiting a weakness called “dependency confusion.”
This month, another researcher found an npm internal dependency, after squatting which, he began receiving messages from Microsoft’s servers.