Topic: github actions

Sort by: Relevance | Date
  • Self-Propagating Attack Infects 187 npm Packages
    September 19, 2025
    85%

    Self-Propagating Attack Infects 187 npm Packages

    A self-propagating worm named 'Shai-Hulud' has compromised at least 187 npm packages, starting with @ctrl/tinycolor and spreading to include modules under CrowdStrike’s namespace. The malware injects malicious scripts to steal sensitive credentials using TruffleHog and creates unauthorized GitHub...

    Read More »
  • Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
    September 19, 2025
    78%

    Self-Replicating Worm Infects 180+ npm Packages in Automated Attack

    A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...

    Read More »

Related Topics

supply chain attack (12) s1ngularity attack (2) incident response (111) cybersecurity threats (68) security research (39) security recommendations (37) credential theft (35) github integration (12)