A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was ...
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this ...