"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...

Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel self-replicating credential-stealing code in yet another wave of a supply chain ...

Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.