An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...

Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this ...

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are ...

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications. Brighterion solutions stop payment and acquirer fraud, reduce ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...