Again, I am not saying it is related but I think it has an impact.
Now in many places it is encouraged by coders and managers to vibe stuff on their own devices. Sooner or later it will become a problem, especially for those that have no idea what they are doing.
I am not saying it is related but I feel that it coincides perfectly.
I just cannot believe there is no underlying thread going through all of these recent supply chain issues, and yes there are some hacking groups that specialise in this, sure, but it is because the bounty is plentiful.
It's a continuation of the Shai-Hulud worm and the lack of security around developer dependency installations, which has existed for a very long time.
Hackers have figured out that developers themselves are an ideal target due to how easy it is to trick them into installing something and how much private information they have on their machines (creds, cloud CLIs, MCPs, etc.).
Yes, in our place too. "You better do as much as possible with AI or you will be left behind" dogmas etc.
It's the stupid IoT hype all over again. No concern for security, just trying to be the first in the pack.
Welp.
I personally think the, perhaps confusingly named, capability-based security models are the way of The Future.
Idiots must suffer.