Not exactly a supply chain compromise, as devs should be smart enough to update via a package manager such as winget and chocolatey, but it certainly fits for a watering hole attack.
Not exactly a supply chain compromise, as devs should be smart enough to update via a package manager such as winget and chocolatey, but it certainly fits for a watering hole attack.
I suppose one could view it as a supply-chain compromise of an alternate chain that's very short.