Academic researchers have released details about a new attack method they call “Trojan Source” that lets an attacker inject vulnerabilities into the source code of a software project in a way that human reviewers can’t detect. Trojan Source relies on a simple trick, and it does not require modifying the compiler to create vulnerable binaries.
Read full article on Bleeping Computer