From bleepingcomputer.com
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as “RepoJacking,” which could help attackers deploy supply chain attacks impacting a large number of users.
The warning comes from AquaSec’s security team, ‘Nautilus,’ who analyzed a sample of 1.25 million GitHub repositories and found about 2.95% of them to be vulnerable to RepoJacking.
By extrapolating this percentage to GitHub’s entire repository base of more than 300 million, the researchers estimate that the issue affects approximately 9 million projects.
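A dependency reference is RepoJacking-prone when the GitHub owner it names has been renamed or deleted: the vacated account name can be re-registered, and a consumer still pulling from the old `owner/repo` path would then fetch whatever the new account publishes. The script below is an added example, not code from the BleepingComputer article or from Aqua's Nautilus team. It extracts `github.com/<owner>/<repo>` references from dependency manifests and classifies each one by risk. The resolver is injected so the logic runs offline; the manifests and the lookup table are constructed sample data, and the `Lookup` shape is a hypothetical one for this example (a real resolver would query GitHub's `/users/{name}` and `/repos/{owner}/{repo}` endpoints and note whether the repository request was redirected).

```python
"""Flag GitHub dependency references that are prone to RepoJacking.

Added example: manifests, owner names and lookup results below are
constructed, not real projects or real GitHub data.
"""
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Matches github.com/<owner>/<repo> (also "git+https://...", ".git" suffix,
# "@ref" and "#fragment" tails) in go.mod, requirements.txt and similar files.
GITHUB_REF = re.compile(
    r"github\.com[/:]([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+?)(?:\.git)?(?=[/@#\s\"',]|$)",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Lookup:
    """Result of resolving owner/repo (hypothetical shape for this example)."""
    repo_exists: bool               # does owner/repo resolve at all (after redirects)?
    canonical_owner: Optional[str]  # owner the request ended at, None if not found
    owner_exists: bool              # does the ORIGINAL owner account still exist?


Resolver = Callable[[str, str], Lookup]


def extract_github_refs(manifest_text: str) -> list[tuple[str, str]]:
    """Return unique (owner, repo) pairs referenced in the manifest text."""
    refs: list[tuple[str, str]] = []
    seen: set[tuple[str, str]] = set()
    for match in GITHUB_REF.finditer(manifest_text):
        owner, repo = match.group(1), match.group(2)
        key = (owner.lower(), repo.lower())
        if key not in seen:
            seen.add(key)
            refs.append((owner, repo))
    return refs


def classify(owner: str, lookup: Lookup) -> tuple[str, str]:
    """Map a lookup result to (risk level, reason)."""
    if lookup.repo_exists and (lookup.canonical_owner or "").lower() == owner.lower():
        return "ok", "reference is the canonical location"
    if not lookup.owner_exists:
        # Renamed or deleted account: the old name is unregistered and claimable,
        # so anyone could recreate owner/repo and serve it to existing consumers.
        return "high", "owner account no longer exists; name can be re-registered"
    if lookup.repo_exists:
        # Repository transferred, owner still exists: the old path redirects for
        # now, but the original owner could recreate a repo of that name.
        return "medium", f"redirected to {lookup.canonical_owner}; old path relies on a redirect"
    # Repository deleted under an owner that still exists.
    return "low", "repository missing; only the existing owner can recreate it"


def audit(manifest_text: str, resolve: Resolver) -> dict[str, tuple[str, str]]:
    """Classify every GitHub reference in the manifest using the given resolver."""
    return {
        f"{owner}/{repo}": classify(owner, resolve(owner, repo))
        for owner, repo in extract_github_refs(manifest_text)
    }


# ---- constructed sample data ------------------------------------------------
SAMPLE_GO_MOD = """module example.com/app

require (
    github.com/alice-dev/parser v1.2.0
    github.com/good-org/lib v0.4.1
)
"""
SAMPLE_REQUIREMENTS = "git+https://github.com/old-handle/tool.git@v2#egg=tool\nrequests==2.31.0\n"

FAKE_DIRECTORY = {
    # account renamed: old path still redirects, old name is free to claim
    ("alice-dev", "parser"): Lookup(repo_exists=True, canonical_owner="alice-security", owner_exists=False),
    # healthy reference
    ("good-org", "lib"): Lookup(repo_exists=True, canonical_owner="good-org", owner_exists=True),
    # account deleted outright
    ("old-handle", "tool"): Lookup(repo_exists=False, canonical_owner=None, owner_exists=False),
}


def fake_resolve(owner: str, repo: str) -> Lookup:
    """Offline stand-in for GitHub API lookups (constructed data)."""
    return FAKE_DIRECTORY.get((owner.lower(), repo.lower()), Lookup(False, None, True))


if __name__ == "__main__":
    for ref, (level, reason) in audit(SAMPLE_GO_MOD + SAMPLE_REQUIREMENTS, fake_resolve).items():
        print(f"{level:6} {ref}: {reason}")
```

Running it lists `alice-dev/parser` and `old-handle/tool` as high risk and `good-org/lib` as ok. The ordering in `classify` matters: a reference that still resolves but only via a redirect from a vanished account is the classic RepoJacking case, so the owner-existence check comes before the "repository exists" check. Pinning dependencies to commit hashes or vendoring them removes the exposure even when the name is later re-registered.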