The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...

Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...

The vendor was one of a many whose code modules were infected by a never before seen strand of malware known as "Shai-Hulud." ...

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may ...

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.