The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ Javascript developers should ...
SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. Approximately 640 NPM packages have been infected with a ...
bankinfosecurity

Automated Shai Hulud Infects Thousands of NPM Repositories

The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...
thecyberexpress

New Shai-Hulud Attack Hits Nearly 500 npm Packages with 100+ Million Downloads

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads. The latest campaign follows one in September that infected nearly 200 npm packages ...
cryptonews

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

A major NPM supply-chain attack has compromised ENS-linked libraries and 490 packages with 132 million monthly downloads, deploying malware that steals developer credentials across crypto platforms. A ...
Infosecurity-magazine.com

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
ZDNet

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular ...
TheStreet.com

Massive NPM crypto hack drained only $50

Cybercriminals hacked 18 NPM packages of a well-known developer to conceal malware. The breach affected several leading blockchains. Crypto users area take extreme caution. The recent attack on the ...
cryptonews

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Hackers exploit Ethereum smart contracts to inject malware into popular NPM coding libraries including "colortoolsv2" and "mimelib2" packages that conceal malicious commands. Hackers are now ...
CSOonline

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.