Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...
"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...
Inspect your GitHub account for a repository named “Shai-Hulud.” The malware automatically creates this repo to store exfiltrated secrets. If it exists, remove it immediately, and carefully review its ...
Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...
A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...
According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback