Details on the npm Shai-Hulud Worm Supply Chain Attack
3 Articles
A new worm-like malware, called Shai-Hulud—referring to the famous Dune saga creature—has put in check the security of the tools that companies use daily. This type of malware automatically spreads and infiltrates into software distribution platforms like npm because, once installed on victims' devices, it steals passwords and sensitive information. Unlike other malware, Shai-Hulud makes the affected new emitters of the attack and multiplies its r…
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us how fragile the system really is. It wasn’t a zero-day in Kubernetes or a cloud misconfiguration that caught my eye. It was a […]
Details on the npm Shai-Hulud worm supply chain attack
Kaspersky Threat Research has conducted an analysis of the Shai-Hulud worm’s patient zero package, providing insights into how the self-replicating malware launched its widespread supply chain attack on the npm ecosystem. According to the latest Kaspersky research, the Shai-Hulud worm infected 190 unique packages across 530 total package versions – indicating that many packages had multiple compromised versions published during the attack. The S…
Coverage Details
Bias Distribution
- 100% of the sources are Center