TECH NEWS

Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

https://techcrunch.com/wp-content/uploads/2026/05/code-on-a-screen.jpg?resize=1200,675

In Brief

8:32 AM PDT · May 19, 2026

Hackers have compromised several popular open source projects relied on by software developers all over the world in an ongoing cyberattack.

On Tuesday, cybersecurity firms StepSecurity and SafeDep warned of the latest wave of so-called “supply chain” attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream.

According to SafeDep, hackers took over the account of one developer and released over 630 malicious versions across 317 packages in about 20 minutes. The goal of the attack is to steal credentials for various services, including password managers, as a way to steal data and continue spreading the malware.

Among the packages that the hackers compromised there’s Antv, a library made by Alibaba. In some cases, the hackers published malicious updates on GitHub, according to JFrog Security.

...

Copyright of this story solely belongs to techcrunch.com. To see the full text click HERE

Read more

https://techcrunch.com/wp-content/uploads/2026/06/Patronus-team.jpg?resize=1200,800

Patronus AI, which builds simulated digital environments for evaluating AI agents, raised a $50M Series B led by Greenfield, bringing its total funding to $70M

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.