The attacker’s entry point was through an unknown and unmonitored build server. Misconfigurations played a role as well, though the lack of visibility into build assets was the first flaw in a series ...