Ethical hacker breached defenses of 35 companies using ‘Dependency Confusion’ supply-chain hack and popular open-source software repositories