"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more ...

A second wave of the Shai-Hulud supply-chain attack has struck the npm software ecosystem, affecting more than 25,000 ...

Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...

Shai Hulud's automated and aggressive upgrade is spawning more than 1,000 malicious npm repositories every 30 minutes, ...

A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in September, more than 1 ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...

Latest hacking campaign targeting GitHub npm repositories can self-propagate, wipe data, and hide more effectively, experts ...