╔══════════════════════════════════════════╗
║ ▓▓▓▓▓ CRITICAL ALERT ▓▓▓▓▓ ║
║ ║
║ ▶ INTRUSION DETECTED ║
║ ▶ VECTOR: supply-chain ║
║ ▶ STATUS: actively exploited ║
║ ▶ AFFECTED: 12,000+ instances ║
║ ║
║ [LIVE FORENSICS IN PROGRESS] ║
╚══════════════════════════════════════════╝
Security · Breaking
Supply-Chain Attack on Popular npm Package Affects Over 12,000 Repositories
Researchers at GitHub Security Lab disclosed a coordinated supply-chain compromise affecting node-ipc and several dependent packages. Malicious code was injected via a compromised maintainer account and remained undetected for approximately 36 hours before being flagged by automated scanning.