24 Jan
2022
24 Jan
'22
10:34 a.m.
On Mon, 24 Jan 2022 10:10:06 +1300, Peter Reutemann wrote:
'Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack ...'
-- source: https://arstechnica.com/information-technology/2022/01/supply-chain-attack-u...
I don’t understand this part: The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean. If the mirroring site is not getting the files from the original site (complete with backdoors), then where is it getting them from?