Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warning about it on ...
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...
The Register on MSN
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm. PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever ...
How-To Geek on MSN
NPM packages are infected with malware, again
Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a preinstall loader that downloads Bun and executes a 10MB obfuscated payload ...
Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.
Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem. Never assume a file downloaded from the Internet is safe. That warning also ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for checking spelling errors using OpenAI Vision, but contains malicious code ...