Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

In a supply chain attack, the trending npm package, @ctrl/tinycolor, was in the target. Dastardly versions steal secrets through TruffleHog scanning.

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...