عاجل
TRAlmanya'da Silahlı Saldırı: 6 Kişi Hayatını KaybettiTRGazze'deki Şifa Hastanesi'nde Diyaliz Hastalarından Abluka ProtestosuTRİsrail'in El Halil'deki İbrahim Camisi'ne Yönelik İhlalleri ve Yahudileştirme ÇabalarıTRÇaykur Rizespor, Futbol Akademisi İçin Mesut Özil ile AnlaştıCRYPTO-TRWintermute: Ayı Piyasasının Önemli Bölümü Geride Kaldı Ancak Büyük Tehlikeler VarCRYPTO-TRABD'de Dijital Varlıklar Netlik Yasası İçin Kritik Temmuz AyıTRHürmüz Boğazı'nda Ticari Gemi Trafiği ABD-İran Mutabakatıyla ArttıTRUNDP Temsilcisi: Ebola Salgını KDC'de 1 Milyon Kişiyi Daha Yoksulluğa İtebilirTRCHP'den 26 ilde görevden alma ve yeni atama kararlarıTRAKP'li Ömer Çelik'ten Özgür Özel'e 'AK Gençlik' YanıtıTRAlmanya'da Silahlı Saldırı: 6 Kişi Hayatını KaybettiTRGazze'deki Şifa Hastanesi'nde Diyaliz Hastalarından Abluka ProtestosuTRİsrail'in El Halil'deki İbrahim Camisi'ne Yönelik İhlalleri ve Yahudileştirme ÇabalarıTRÇaykur Rizespor, Futbol Akademisi İçin Mesut Özil ile AnlaştıCRYPTO-TRWintermute: Ayı Piyasasının Önemli Bölümü Geride Kaldı Ancak Büyük Tehlikeler VarCRYPTO-TRABD'de Dijital Varlıklar Netlik Yasası İçin Kritik Temmuz AyıTRHürmüz Boğazı'nda Ticari Gemi Trafiği ABD-İran Mutabakatıyla ArttıTRUNDP Temsilcisi: Ebola Salgını KDC'de 1 Milyon Kişiyi Daha Yoksulluğa İtebilirTRCHP'den 26 ilde görevden alma ve yeni atama kararlarıTRAKP'li Ömer Çelik'ten Özgür Özel'e 'AK Gençlik' Yanıtı
Newsgather
BackHackers Target Open Source Projects in Supply Chain Attacks
Hackers Target Open Source Projects in Supply Chain Attacks
مُلِح
TechCrunch19.05.2026تقنية1 dk okumaUnited States

Hackers Target Open Source Projects in Supply Chain Attacks

cyberattackopen sourcesupply chain attack

نظرة سريعة

  • Cybersecurity firms StepSecurity and SafeDep warn of a new wave of "supply chain" attacks targeting open source projects.
  • Hackers compromised developer accounts to push malicious updates, aiming to steal credentials and spread malware.
  • The campaign, dubbed "Mini Shai-Hulud," has affected packages like Alibaba's Antv.

ملخص مُنشأ بالذكاء الاصطناعي

لماذا يهم

Hackers are increasingly targeting open source projects in "supply chain" attacks. These attacks aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream.

حجم الخط

Hackers have compromised several popular open source projects relied on by software developers all over the world in an ongoing cyberattack.

On Tuesday, cybersecurity firms StepSecurity and SafeDep warned of the latest wave of so-called “supply chain” attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream.

According to SafeDep, hackers took over the account of one developer and released over 630 malicious versions across 317 packages in about 20 minutes. The goal of the attack is to steal credentials for various services, including password managers, as a way to steal data and continue spreading the malware.

Among the packages that the hackers compromised there’s Antv, a library made by Alibaba. In some cases, the hackers published malicious updates on GitHub, according to JFrog Security.

This latest wave of attacks is part of a wider campaign targeting open source projects and the developers who use the code for their own projects. Researchers have dubbed the hacks “Mini Shai-Hulud,” after the attack followed a previous, more expansive hacking campaign.

أسئلة مفتوحة

  • What is the total number of affected users?
  • What specific services were targeted for credential theft?
  • Are there any known nation-state actors behind this campaign?
  • What measures are being taken to secure the affected open source projects?

مواضيع ذات صلة

cyberattack
منظماتStepSecuritySafeDepAlibabaGitHub
مواضيعopen sourcesupply chain attackmalwarecredentials theftGitHubAlibaba
This article was originally published by TechCrunch.

أخبار ذات صلة

المزيد حول هذا الموضوعcyberattack