Among the compromised npm packages are those from cybersecurity experts CrowdStrike, as well as others with millions of ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...
A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Inspect your GitHub account for a repository named “Shai-Hulud.” The malware automatically creates this repo to store exfiltrated secrets. If it exists, remove it immediately, and carefully review its ...
In a supply chain attack, the trending npm package, @ctrl/tinycolor, was in the target. Dastardly versions steal secrets through TruffleHog scanning.
Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback