In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.