
"Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages published under CrowdStrike's npm namespace."
"Yesterday, Daniel Pereira, a senior backend software engineer, alerted the community to a large-scale software supply chain attack affecting the world's largest JavaScript registry, npmjs.com."
At least 187 npm packages were compromised in an ongoing supply chain attack delivering a malicious self-propagating payload designed to infect other packages. The campaign operates in a coordinated, worm-style manner under the name 'Shai-Hulud'. The attack began with the compromise of the @ctrl/tinycolor package, which receives over two million weekly downloads, and has since expanded to include packages published under CrowdStrike's npm namespace. The compromise affects the npm registry and poses risks to projects depending on infected packages. The incident remains ongoing and is being tracked by the security community.
Read at DataBreaches.Net