The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.

The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, ...

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised ...

A popular JavaScript cryptography library is vulnerable in a way which could allow threat actors to break into user accounts.

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...