Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack | TechCrunch
… On Tuesday, cybersecurity firms StepSecurity and SafeDep warned of the latest wave of supply-chain attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream. …