Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.