Hackers hijack developer account in 20 minutes, compromise 317 packages
A large supply-chain attack just hit popular open-source projects, with attackers slipping malicious updates into widely used software.
In just 20 minutes, they took over a developer's account and released more than 630 tampered versions across 317 packages, putting developers and users everywhere at risk.
Mini Shai-Hulud targets password manager credentials
The attackers' code was set up to steal service credentials, including those for password managers, making it easier to grab sensitive information and spread malware.
This campaign, called "Mini Shai-Hulud," affected libraries such as AntV from Alibaba and even showed up on GitHub.
It follows another recent attack on TanStack that caused trouble for OpenAI and other organizations, highlighting how vulnerable open-source projects can be right now.