
Submission: Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages (sysdig.com)

alternative_right writes: On September 15, 2025, an engineer discovered a supply chain attack against the NPM repository. Unlike previous NPM attacks, this campaign used novel, self-propagating malware (also known as a worm) to continue spreading itself. At the time of this writing, approximately 200 infected packages have been identified, including several repositories such as the popular @ctrl/tinycolor and multiple owned by CrowdStrike.

Once executed, this novel worm — dubbed Shai-Hulud — steals credentials, exfiltrates them, and attempts to find additional NPM packages in which to copy itself. The malicious code also attempts to leak data on GitHub by making private repositories public.
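Because the worm propagates by copying itself into further packages, the first defender question is whether any installed copy of a known-affected package is present, including copies pulled in transitively. The following is an added example, not code from the Sysdig write-up: it walks an npm lockfile (lockfileVersion 2 or 3, which lists every installed copy under a `node_modules/...` key) and reports each watchlisted package with its version and install path. The lockfile content, its versions and the dependency names other than @ctrl/tinycolor are constructed; the watchlist would be filled from the vendor's published list of affected packages.

```python
import json
from typing import List, Tuple

# Constructed sample lockfile (npm lockfileVersion 3 layout). Only the
# @ctrl/tinycolor name comes from the article; versions and the other
# packages are made up. The nested key simulates the same package arriving
# transitively via another dependency.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/@ctrl/tinycolor": {"version": "1.2.3"},
        "node_modules/some-ui-lib": {"version": "2.0.0"},
        "node_modules/some-ui-lib/node_modules/@ctrl/tinycolor": {"version": "1.2.4"},
    },
})

# Package names to look for. Extend from the vendor's list of affected packages.
WATCHLIST = {"@ctrl/tinycolor"}


def package_name_from_path(path: str) -> str:
    """Return the package name from a lockfile key, e.g.
    'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    _head, sep, tail = path.rpartition("node_modules/")
    return tail if sep else ""


def find_watchlisted(lock_text: str, watchlist=WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (name, version, lockfile path) for every installed copy of a
    watchlisted package, including nested (transitive) copies."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("need an npm lockfile with a 'packages' section (v2 or v3)")
    hits = []
    for path, meta in lock.get("packages", {}).items():
        name = package_name_from_path(path)
        if name in watchlist:
            hits.append((name, meta.get("version", "?"), path))
    return hits


if __name__ == "__main__":
    for name, version, path in find_watchlisted(SAMPLE_LOCKFILE):
        print(f"{name}@{version} found at {path}")
```

Compare each reported version against the affected versions in the vendor advisory; a hit at a nested path means the package was not requested directly and would be missed by checking package.json alone.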



  • Sounds like a feature. For a company with a board of movement service pension collectors.

    We in tech know what a forensic investigation looks like; they have sold us the Russians/Ukrainians/Chinese/N Koreans/Iranians hacked the important political people so many times, and NEVER EVER say something like western actors either purposely or accidentally hit the wrong target, and that intrusion was aimed at something else, but damn the zero day works on everything. Surely the FBI, CIA, DOJ never fat fingered a
