News

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Agent Payment Protocol, a new open source standard from Google and 60 other payment players, aims to make transactions made ...
CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.
Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API keys, tokens, and cloud credentials and sends them to external servers that ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
The round, which brought the two-year-old startup’s total funding to $88 million, was led by Scale Venture Partners.
The malicious JavaScript code ("bundle.js") injected into each of the trojanized packages is designed to download and run ...
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...