Software packages with more than 2 billion weekly downloads hit in supply-chain attack

A major supply-chain attack has hit software packages with over 2 billion weekly downloads on the npm registry. The attack targeted the popular 'node-ipc' and 'perf_hooks' packages, which are used by thousands of applications and developers worldwide. The malicious code was hidden in a recent update to the packages, allowing attackers to gain access to infected systems and potentially steal sensitive data. The attack is believed to be the largest supply-chain attack in history, affecting a vast number of developers and applications.

Researchers have identified the attack as a "dependency confusion" tactic, in which attackers exploit the way developers manage their software dependencies to inject malicious code. The incident highlights the growing threat of supply-chain attacks and the need for more robust security measures in the software development ecosystem.

Authorities and security experts are working to contain the damage and provide guidance to affected users. The incident is a stark reminder of the importance of maintaining vigilance and implementing rigorous security practices in software development and distribution.
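One practical response to a report like this is to audit the project's own lockfile: flag any occurrence of the packages named above for review, and flag dependencies whose `resolved` URL points somewhere other than the registries the project intends to use, which is how a dependency-confusion substitution shows up in a lockfile. The following is an added example, not code from the article or from npm; the lockfile fragment, registry hosts and `@example-corp` scope are constructed, and no affected versions are assumed because the article does not name them.

```javascript
// Audit a package-lock.json (lockfileVersion 2/3, "packages" map) for:
//  (a) packages named in the report (any version, flagged for manual review),
//  (b) packages resolved from a registry outside the project's allowlist,
//  (c) private-scope packages resolved from the public registry
//      (the lockfile-level symptom of dependency confusion).
const WATCHLIST = new Set(['node-ipc', 'perf_hooks']); // from the report

// Constructed example values: the registries this project is allowed to use
// and the scope that must only ever come from the internal registry.
const ALLOWED_REGISTRIES = ['https://registry.npmjs.org/', 'https://npm.example-corp.internal/'];
const PRIVATE_SCOPES = ['@example-corp'];
const PUBLIC_REGISTRY = 'https://registry.npmjs.org/';

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lockJson) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lockJson.packages || {})) {
    if (lockPath === '') continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    const resolved = meta.resolved || '';
    const scope = name.startsWith('@') ? name.split('/')[0] : null;
    if (WATCHLIST.has(name)) {
      findings.push({ name, version: meta.version, reason: 'watchlist' });
    }
    if (resolved && !ALLOWED_REGISTRIES.some((r) => resolved.startsWith(r))) {
      findings.push({ name, version: meta.version, reason: 'unexpected-registry' });
    }
    if (scope && PRIVATE_SCOPES.includes(scope) && resolved.startsWith(PUBLIC_REGISTRY)) {
      findings.push({ name, version: meta.version, reason: 'private-scope-from-public-registry' });
    }
  }
  return findings;
}

// Constructed lockfile fragment (versions and URLs are illustrative only).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/node-ipc': { version: '0.0.0-example', resolved: 'https://registry.npmjs.org/node-ipc/-/node-ipc-0.0.0.tgz' },
    'node_modules/@example-corp/auth': { version: '2.0.1', resolved: 'https://registry.npmjs.org/@example-corp/auth/-/auth-2.0.1.tgz' },
    'node_modules/left-pad': { version: '1.3.0', resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz' },
    'node_modules/lodash': { version: '4.17.21', resolved: 'https://unknown-mirror.example/lodash-4.17.21.tgz' },
  },
};
```

Run against a real project with `auditLockfile(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))`; any `watchlist` hit should be checked against the vendor advisory for the actually affected versions before deciding whether to pin or remove it.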