Topic: npm packages

  • Self-Propagating Attack Infects 187 npm Packages

    A self-propagating worm named 'Shai-Hulud' has compromised at least 187 npm packages, starting with @ctrl/tinycolor and spreading to include modules under CrowdStrike’s namespace. The malware injects malicious scripts to steal sensitive credentials using TruffleHog and creates unauthorized GitHub...

  • NPM Supply-Chain Attack Thwarted: Hackers Foiled

    A massive supply-chain attack on the NPM ecosystem was quickly neutralized, preventing a catastrophic security incident despite malicious updates reaching 10% of cloud environments. The attack began with a phishing compromise of a maintainer account, allowing tainted updates to widely used packag...

  • Malicious npm Packages Target Ethereum Smart Contracts

    A new wave of malicious npm packages uses Ethereum smart contracts to hide command-and-control infrastructure, making detection more difficult. Attackers also created fake GitHub repositories with artificially inflated metrics to appear legitimate and target cryptocurrency developers. This campai...
