Security researchers at Aikido on Sunday uncovered an apparently new Shai Hulud variant, uploaded to npm through a GitHub repository called @vietmoney/react-big-calendar. Shai Hulud is the moniker for ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. In the emails, the ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...