Open Source Poisoned Patches Infect Local Software

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering “patches” for locally installed programs.