Backdoored developer tool that stole credentials escaped notice for 3 months

SUPPLY CHAIN ATTACK —

AWS credentials and private repository tokens could allow self-perpetuating attacks.