Software packages with more than 2 billion weekly downloads hit in supply-chain attack
Source: Ars Technica
TL;DR
Attackers carried out a large supply-chain attack by inserting malicious code into open source packages that together receive more than 2 billion downloads a week. The compromise affected nearly two dozen packages on the npm registry, making it one of the largest attacks of its kind. It came to light through social media posts, and a maintainer of the affected packages acknowledged having been tricked into revealing account credentials. The incident shows how exposed software supply chains are to account takeover and why strong security measures, such as phishing-resistant authentication on maintainer accounts, matter.