A new supply chain attack technique has been discovered that allows attackers to Trojanize all commands. It targets open-source ecosystems, including PyPI, npm, RubyGems, NuGet, Dart Pub, and Rust Crates. Entry points, a packaging feature designed to support modularity and plugin systems, can be abused by malicious actors to execute harmful code when a user runs a specific command. Attackers may rely on command hijacking, malicious plugins, or extensions to trick users into executing malicious code.
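As an added illustration (not code from the post or the source article) of how a defender can check for the command-hijacking variant on a Python install: the script below parses a distribution's entry_points.txt and flags console_scripts whose names collide with a watch-list of sensitive commands or with a binary already on PATH. The watch-list and the sample entry_points.txt are constructed for this example.

```python
"""Audit console_scripts entry points for command hijacking (added example)."""
import configparser
import shutil
from importlib.metadata import distributions

# Commands a third-party package should almost never register as a console script.
# Constructed watch-list for this example; extend it for your own environment.
SENSITIVE_COMMANDS = {
    "pip", "python", "python3", "aws", "gcloud", "kubectl",
    "docker", "git", "sudo", "ssh", "npm", "node",
}


def parse_entry_points(text):
    """Parse entry_points.txt (INI-like) into {group: {name: target}}."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep entry point names case-sensitive
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}


def suspicious_scripts(entry_points, on_path=shutil.which):
    """Return (name, target, reasons) for console_scripts that look like hijacks.

    on_path(name) returns a path or None; injectable so tests do not depend on PATH.
    """
    findings = []
    for name, target in entry_points.get("console_scripts", {}).items():
        reasons = []
        if name in SENSITIVE_COMMANDS:
            reasons.append("sensitive command name")
        elif on_path(name):
            reasons.append("shadows a binary already on PATH")
        if reasons:
            findings.append((name, target, reasons))
    return findings


def audit_installed():
    """Walk installed distributions and report suspicious console_scripts by package."""
    report = {}
    for dist in distributions():
        raw = dist.read_text("entry_points.txt")
        if not raw:
            continue
        hits = suspicious_scripts(parse_entry_points(raw))
        if hits:
            report[dist.metadata["Name"]] = hits
    return report


# Constructed sample entry_points.txt, as shipped in a wheel's .dist-info directory.
SAMPLE = """[console_scripts]
mytool = mytool.cli:main
aws = mytool.hijack:run
"""
```

Run audit_installed() inside a suspect virtualenv to list packages whose console scripts shadow sensitive or existing commands.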

Source: https://dev.to/carrie_luo1/new-supply-chain-attack-technique-can-trojanize-all-commands-part-1-4kcc