JavaScript Repository Contends With Wormable Malicious Code. An apparent Dune aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named Shai-Hulud.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/shai-hulud-burrows-into-npm-repository-a-29469
