
The National Computer Emergency Response Team (NCERT) has issued a high-severity advisory after attackers compromised the account of a well-known developer and injected tainted code into popular software packages.
The breach, reported on September 8, 2025, involved tainted versions of debug, chalk, ansi-styles, and strip-ansi, tools used in thousands of apps and services worldwide, from small websites to large enterprise systems.
Because these packages sit deep within the software supply chain, the incident poses the risk of a widespread compromise.
Organisations using automatic updates were impacted the most, because the infected versions ran unobserved within their apps.
NCERT urged all developers and firms to update immediately to safe versions, rebuild impacted applications, and change sensitive credentials, including passwords and API keys, as soon as possible.
“Upgrade now, reset sensitive information, and prepare for future supply chain attacks,” NCERT warned in its closing note.
NCERT's recommendation also included turning off automatic updates until systems can be secured. NCERT emphasised the importance of multi-factor authentication, continuous monitoring of build systems, and a tighter security review of software updates for long-term resilience.
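As a starting point for the update-and-rebuild step, the added example below (not part of the NCERT advisory or of this article) inventories every installed copy of the four named packages in a parsed `package-lock.json`, including copies nested under other dependencies. The function names are hypothetical, and because this article does not list the compromised version numbers, the sample lockfile and version list are constructed placeholders to be replaced with the values from the advisory.

```javascript
// Added example: inventory the four packages named in the advisory from a
// parsed package-lock.json, including copies nested under other dependencies.
const ADVISORY_PACKAGES = ["debug", "chalk", "ansi-styles", "strip-ansi"];

// Lockfile v2/v3: flat "packages" map keyed by install path.
function fromPackagesMap(packages, names) {
  const found = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("") or workspace folder
    const name = path.slice(idx + "node_modules/".length);
    if (names.includes(name)) found.push({ name, version: meta.version, path });
  }
  return found;
}

// Lockfile v1: nested "dependencies" tree.
function fromDependencyTree(deps, names, prefix = "") {
  const found = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (names.includes(name)) found.push({ name, version: meta.version, path });
    found.push(...fromDependencyTree(meta.dependencies, names, `${path}/`));
  }
  return found;
}

function findInstances(lock, names = ADVISORY_PACKAGES) {
  return lock.packages
    ? fromPackagesMap(lock.packages, names)
    : fromDependencyTree(lock.dependencies, names);
}

// badVersions: { packageName: [versions] }, to be filled in from the advisory.
function flagInstances(instances, badVersions) {
  return instances.filter(i => (badVersions[i.name] || []).includes(i.version));
}

// Constructed sample data; versions are placeholders, not advisory values.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "9.9.9" },
    "node_modules/express": { version: "1.2.3" },
    "node_modules/express/node_modules/debug": { version: "8.8.8" },
    "node_modules/strip-ansi": { version: "7.7.7" },
  },
};
const SAMPLE_BAD = { chalk: ["9.9.9"], debug: ["8.8.8"] }; // placeholders

for (const hit of flagInstances(findInstances(SAMPLE_LOCK), SAMPLE_BAD)) {
  console.log(`REVIEW ${hit.name}@${hit.version} at ${hit.path}`);
}
```

Any flagged copy means the application should be rebuilt on a safe version and the credentials available to that build or runtime rotated, as the advisory recommends.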