Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...