Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a ...

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

Researchers at Socket, a cybersecurity firm specializing in protection against supply chain attacks, and crypto security ...

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...

Inspect your GitHub account for a repository named “Shai-Hulud.” The malware automatically creates this repo to store exfiltrated secrets. If it exists, remove it immediately, and carefully review its ...