资讯

SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
NewsBytes

Shai-Hulud worm infects 25 npm packages, including CrowdStrike's

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.
TestingCatalog

Google unveils AP2 open protocol for agent payments

What's new? Google launches agent payments protocol (AP2) on GitHub for cross-platform payments; AP2 uses cryptographic ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Security Boulevard

Shai-Hulud: A Persistent Secret Leaking Campaign

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
Krebs on Security

Tag Archives: StepSecurity

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...