A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Inspect your GitHub account for a repository named “Shai-Hulud.” The malware automatically creates this repo to store exfiltrated secrets. If it exists, remove it immediately, and carefully review its ...
An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. After the malicious NPM libraries are added to a project and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback