A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was ...
A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...
“The compromised account belonged to a well-known JavaScript developer,” Guillemet said, noting how widely used open-source ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback