21:04
2026-04-27
arstechnica.com
open-source
Open source package with 1 million monthly downloads stole user credentials
A threat actor compromised the open-source package element-data, which has over 1 million monthly downloads, by exploiting a vulnerability in a GitHub action to steal signing keys and account tokens. โฆ