A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was millions of downloads on NPM, but this week it’s something ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback