Topic: trufflehog tool

Sort by: Relevance | Date
  • NPM Malware Attack Exposed 400,000 Developer Secrets
    December 4, 2025
    80%

    NPM Malware Attack Exposed 400,000 Developer Secrets

    A malware campaign called Shai-Hulud compromised hundreds of NPM packages, exposing roughly 400,000 raw secrets from thousands of GitHub repositories, with many credentials still active and dangerous. The attack used a self-propagating payload to steal tokens and inject malicious scripts, impacti...

    Read More »
  • Trust Wallet Ties $8.5M Crypto Theft to NPM Attack
    January 3, 2026
    75%

    Trust Wallet Ties $8.5M Crypto Theft to NPM Attack

    A major security breach at Trust Wallet, linked to the "Sha1-Hulud" supply chain attack, resulted in the theft of approximately $8.5 million from over 2,500 wallets in late December. The attackers compromised the official Chrome extension by inserting malicious code, enabled by exposed developer ...

    Read More »
  • Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
    September 19, 2025
    70%

    Self-Replicating Worm Infects 180+ npm Packages in Automated Attack

    A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...

    Read More »

Related Topics

supply chain attack (2) npm registry (2) github repositories (1) browser extension (1) cybersecurity threats (1) impersonation scams (1) future attacks (1) github integration (1)