The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Rust developers now can automatically publish all crates in a workspace in the correct order, without manually ordering ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
The first preview of Visual Studio 2026, with deeper GitHub Copilot AI integration, is available through Microsoft’s new ...
CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback