News

Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
ZDNet

GitHub launches Package Registry to easily generate packages from your code

Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code. Packages are ...
InfoWorld

GitHub launches GitHub Package Registry

GitHub has introduced the GitHub Package Registry, a package management service integrated into GitHub that allows developers to publish private or public packages next to their source code. GitHub ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
NewsBytes

Shai-Hulud worm infects 25 npm packages, including CrowdStrike's

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
ZDNet

GitHub tackles severe vulnerabilities in Node.js packages

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...
Krebs on Security

Tag Archives: Shai-Hulud worm

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...