[katsume3]

And more reading on this matter, relevant to CCleaner's supply chain mishap:

https://www.wired.com/story/inside-the-unnerving-supply-chai...

Something like Bleachbit seems more reputable, but not necessarily immune from similar attacks, but it's what I use instead of CCleaner.

[mint2]

Interesting. I always thought a supply chain hack meant compromising one of the dependencies a product uses, not simply hacking the company itself and altering their product.

[trishankdatadog]

Yes, I talked about it:

https://news.ycombinator.com/item?id=24371628