Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers have compromised open source software packages that collectively receive more than 2 billion downloads each week, in what ranks as one of the largest supply-chain attacks on record. The incident, which affected nearly two dozen packages on the npm registry, came to light through social media discussions on Monday.

The breach was traced to Josh Junon, a maintainer of the compromised packages, who disclosed that he had been deceived by a phishing email. The message claimed that his npm account would be suspended unless he updated his two-factor authentication settings on a website that turned out to be fake. In a candid post, Junon, who goes by the handle Qix, expressed regret over the incident and acknowledged a lapse in vigilance during a particularly stressful week.

With control of the account, the attackers moved quickly. Within an hour they pushed updates to numerous open source packages containing malicious code designed to siphon cryptocurrency into wallets under their control. The addition spanned more than 280 lines of code and was engineered to monitor cryptocurrency transactions on infected systems and link them to the attackers' wallets.

Among the 20 compromised packages were vital components of the JavaScript ecosystem, many of them foundational with extensive dependency trees. These packages are not only widely used directly but also have numerous other npm packages depending on them, which amplifies the potential fallout. Security researchers at Socket noted that the impact is magnified by the high profile of the projects involved, which let the attackers distribute malicious versions of packages that countless applications, libraries, and frameworks rely on.

Given the breadth and selection of affected packages, the incident appears to have been meticulously orchestrated to maximize disruption across the software ecosystem.

Source: Ars Technica

Published: Sep 09, 2025, 24:40
