# Hackers compromise dozens of popular open source packages in supply-chain attack

_Friday, June 26, 2026 at 12:56 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Hackers compromise dozens of popular open source packages in supply-chain attack — Primary](https://techcrunch.com/wp-content/uploads/2026/05/code-on-a-screen.jpg?resize=1200,675)

Cybersecurity firms StepSecurity and SafeDep warned of the latest wave of supply chain attacks. The attacks aim to compromise developers of popular open source projects and plant malicious updates that reach users downstream.

According to SafeDep, hackers took over the account of one developer. They released over 630 malicious versions across 317 packages in about 20 minutes. The goal is to steal credentials for various services, including password managers, in order to steal data and spread the malware.

Among the compromised packages is Antv, a library made by Alibaba. In some cases, hackers published malicious updates on GitHub, according to JFrog Security.

This wave is part of a wider campaign targeting open source projects and developers. Researchers have dubbed the hacks Mini Shai-Hulud, following a previous campaign. Last week, hackers compromised the computers of two OpenAI employees after hacking the TanStack library. OpenAI was one of several victims.

## Sources

- [TechCrunch](https://techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/)

---
Canonical: https://techandbusiness.org/newswire/ftXthZQNlVb79SQpkD6vdw
Retrieved: 2026-06-26T10:50:15.060Z
Publisher: Tech & Business (techandbusiness.org)
