#credential-stealing

[ follow ]
#software-supply-chain-attacks #npm-package-compromise #mini-shai-hulud #data-visualization-libraries
Information security
fromThe Hacker News
2 days ago

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

A compromised npm maintainer account pushed trojanized @antv and related packages, embedding credential-stealing code and creating significant downstream exposure for auto-updating dependencies.
Information security
fromtheregister
2 days ago

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud credential-stealing worm clone appeared in a malicious npm package, alongside three other infostealer packages from the same npm user.
fromInfoWorld
5 months ago

New Shai-Hulud worm spreading through npm, GitHub

A new version of the Shai-Hulud credentials-stealing self-propagating worm is expanding through the open npm registry, a threat that developers who download packages from the repository have to deal with immediately. Researchers at Wiz Inc. said Monday that in the early stages of the campaign late last week,a thousand new GitHub repositories containing harvested victim data were being added every 30 minutes. And researchers at JFrog identified 181 compromised packages.
Information security
[ Load more ]