{"id":99690,"date":"2025-09-08T20:37:04","date_gmt":"2025-09-09T00:37:04","guid":{"rendered":"http:\/\/pappp.net\/?guid=6c18b3abf1e34c1eaede8be53d9793c0"},"modified":"2025-09-08T20:37:04","modified_gmt":"2025-09-09T00:37:04","slug":"software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=99690","title":{"rendered":"Software packages with more than 2 billion weekly downloads hit in supply-chain attack"},"content":{"rendered":"

Source: Ars Technica<\/a><\/p>\n

Article note: A whole pile of one-liner packages used all over the place, compromised by a basic phish.\n\nI reiterate: I sincerely believed for some time that node\/npm was a joke about bad design. Despite knowing that people take it seriously, I'm not entirely sure I was wrong.<\/div>

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever.<\/p>\n

The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in social<\/a> media<\/a> posts. Around the same time, Josh Junon, a maintainer or co-maintainer of the affected packages, said<\/a> he had been “pwned” after falling for an email that claimed his account on the platform would be closed unless he logged into a site and updated his two-factor authentication credentials.<\/p>\n

Defeating 2FA the easy way<\/h2>\n

“Sorry everyone, I should have paid more attention,” Junon, who uses the moniker Qix, wrote. “Not like me; have had a stressful week. Will work to get this cleaned up.”<\/p>

Read full article<\/a><\/p>\n

Comments<\/a><\/p>","protected":false},"excerpt":{"rendered":"

Hackers planted malicious code in open source software packages with mo…<\/p>\n

Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-99690","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/99690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=99690"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/99690\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=99690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=99690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=99690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}