Apple, Microsoft, PayPal among 35 organizations compromised by evil twin dependencies attack

Security researcher finds it's easy to confuse build systems with malicious versions of private software libraries
Bug hunter Alex Birsan last year managed to compromise the software supply chain of 35 companies by exploiting packaging mechanisms used by JavaScript, Python, and Ruby developers.…