Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...

Shai Hulud's automated and aggressive upgrade is spawning more than 1,000 malicious npm repositories every 30 minutes, ...

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...

A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in September, more than 1 ...

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...