The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.

A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, ...

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...

A second wave of the Shai-Hulud supply-chain attack has struck the npm software ecosystem, affecting more than 25,000 ...

This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm ...

A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in September, more than 1 ...