Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
On September 8, several popular npm packages were compromised after a successful phishing attack on a maintainer account.
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...
Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
Same here. Even though the script claims to find python3 it then seems to call python for some reason (which doesn't exist on many distros anymore). If you're on Ubuntu you can try sudo apt-get ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback