Hackers have once again targeted popular open source projects, compromising dozens of packages in an ongoing supply chain attack. On Tuesday, cybersecurity firms StepSecurity and SafeDep warned developers about this latest wave of attacks, which aim to steal credentials for password managers and other services.
The attackers took over one developer’s account and released malicious versions across 317 packages within just 20 minutes. Among the affected libraries is Antv, a project created by Alibaba. JFrog Security reported that hackers published these malicious updates on GitHub.
This latest attack follows a broader campaign targeting open source projects. Researchers have dubbed it “Mini Shai-Hulud,” referencing an earlier, more expansive hacking operation. A week prior, the same attackers compromised two OpenAI employees after hacking into the TanStack open source library.
The ongoing threat to open source platforms highlights the importance of robust security measures and vigilance among developers. With code serving as the backbone of modern software, these attacks can have far-reaching consequences for data privacy and cybersecurity across industries.