Techzine Europe

Shai-Hulud 2.0’s impact appears vast as NPM ecosystem struggles to cope

The NPM ecosystem is once again facing a serious supply chain attack. While the previous Shai-Hulud infection was mainly ...
Security Boulevard

FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
How-To Geek on MSN

NPM packages are infected with malware, again

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a preinstall loader that downloads Bun and executes a 10MB obfuscated payload ...
CSOonline

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...
CSO Online

Contagious Interview attackers go ‘full stack’ to fool developers

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.