Android, Java apps susceptible to novel MavenGate software supply chain attack technique

Numerous Android and Java apps that rely on abandoned open-source libraries, including all technologies based on Apache Maven, could be compromised through the novel MavenGate software supply chain attack technique, reports The Hacker News. Threat actors could use the MavenGate method to take over dependency artifacts, inject malicious code, and compromise the build process without being detected, a report from Oversecured revealed.

Source: SC Magazine


