Element-data, an open source package downloaded 1 million times monthly, was found stealing user credentials. Users of the library should immediately check for signs of compromise.
Security researchers discovered that element-data, a widely-used open source package, contained malicious code designed to harvest user credentials. The package, which maintains approximately 1 million monthly downloads, had been compromised without the knowledge of its users or maintainers.
■ The Breach
The malicious code embedded in element-data was designed to exfiltrate sensitive user authentication data. The exact scope of affected versions and the duration of the compromise remain under investigation.
■ What You Should Do
Users of element-data should take immediate action:
- Audit your systems: Check for unauthorized access or activity on accounts that may have used this package
- Rotate credentials: Change passwords and regenerate API keys for any services accessed by applications using element-data
- Update immediately: Remove the compromised package and update to a patched version when available
- Review logs: Examine application logs for suspicious activity dating back to when the package was first installed
■ Impact
The large download volume means the potential impact is significant. Any application or service that incorporated element-data could have been affected. Organizations using this package in production environments face particular risk.
■ Next Steps
Maintainers have been notified and are working to remediate the issue. Additional details about the compromise timeline and affected versions are expected as the investigation progresses. Users should monitor official package repositories and security advisories for updates.
This incident underscores the risks inherent in open source software supply chains, where popular packages can reach millions of users before security issues are detected.
Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.
A security analysis reveals xAI's Grok Build command-line tool transmits complete source code and project files to xAI's servers. The discovery raises data privacy questions for developers using the tool.
A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.
The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.