Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...

A popular JavaScript cryptography library is vulnerable in a way which could allow threat actors to break into user accounts.

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

Shai Hulud malware has infected hundreds of NPM libraries, including major ENS and crypto packages, triggering a JavaScript ...

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more ...

A researcher reported that more than 400 NPM libraries, including a cluster of ENS-linked crypto packages, were breached by ...