Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
2don MSNOpinion
Shai-Hulud worm returns, belches secrets to 25K GitHub repos
Following the first Shai-Hulud attacks, which infected more than 500 packages in total, and GitHub having to scour its users' ...
"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name.
How-To Geek on MSN
NPM packages are infected with malware, again
Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...
Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more ...
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials ...
Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback