Arabian Post

Massive npm-Based Phishing Network Exposed Under “Beamglea” Campaign

A worm-like campaign named Shai-Hulud has been flagged, targeting widely used packages and propagating itself by harvesting secrets and inserting backdoors. It operates across npm accounts, installing ...
The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...

After major npm attack: Github tightens security measures

GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
InfoWorld

NPM attacks and the security of software supply chains

If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...
techjuice.pk

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new, alarming software supply-chain attack dubbed ‘Shai-Hulud’ has been uncovered targeting the JavaScript npm ecosystem. Researchers from several security firms, including Palo Alto Networks Unit ...
cybernews

Hundreds of NPM packages compromised as ongoing supply chain attack snowballs out of control

Hundreds of compromised NPM packages have already been found, and the list continues to grow as a major supply chain attack spreads malware. Developers are urged to be extremely cautious after hackers ...
SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. More than 180 NPM packages were hit in a fresh supply chain ...
TechRadar

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
Infosecurity-magazine.com

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a first-of-its-kind worm designed to steal secrets. On Monday, ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
PC World

Windows 11’s September update is borked, won’t install for some users

Last week, Microsoft released an important Windows 11 patch known as update KB5065426. Unfortunately, it didn’t take long for error reports to start pouring in from ...
BGR

How To Download And Install iOS 26 On Your iPhone

After three months of beta testing, Apple is finally releasing iOS 26 to iPhone users today. Going by past years' trends, the update should be available around 1 PM ET, along with the official ...