Tag: worm
-
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts”, and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical…
-
Shai-hulud 2.0 Variant Threatens Cloud Ecosystem
The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shai-hulud-variant-cloud-ecosystem
-
âš¡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day, code packages, cloud accounts, email, chat, phones, and “trusted” partners, and turn them against us.One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone,…
-
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm First seen on theregister.com Jump to article: www.theregister.com/2025/11/28/posthog_shaihulud/
-
Shai Hulud v2 Exploits GitHub Actions to Steal Secrets
A sophisticated supply chain attack has compromised hundreds of npm packages and exposed secrets from tens of thousands of GitHub repositories, with cybersecurity researchers now documenting how attackers weaponized GitHub Actions workflows to bootstrap one of the most aggressive worm campaigns in recent memory. On November 24, 2025, at 4:11 AM UTC, malicious versions of…
-
Neue Variante des Shai-Hulud Worm – Supply-Chain-Angriff trifft ĂĽber 1.000 npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/npm-pakete-supply-chain-angriff-malware-infektion-a-7058d3a07ba5184bbd66002da6001877/
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
New Shai-Hulud Worm Spells Trouble For npm Users
Tags: wormA new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-shaihulud-worm-trouble-npm/
-
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours. First seen on cyberscoop.com Jump to article: cyberscoop.com/supply-chain-attack-shai-hulud-npm/
-
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours. First seen on cyberscoop.com Jump to article: cyberscoop.com/supply-chain-attack-shai-hulud-npm/
-
Infamous Shai-hulud Worm Resurfaces From the Depths
This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/infamous-shai-hulud-worm-resurfaces-from-depths
-
Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack
The Shai Hulud worm’s “Second Coming” has compromised over 26,000 public repositories. We detail the attacker’s mistake, the target packages, and mandatory security tips. First seen on hackread.com Jump to article: hackread.com/shai-hulud-npm-worm-supply-chain-attack/
-
Shai Hulud npm Worm Infects 19,000 Packages in Major Supply Chain Attack
The Shai Hulud worm’s “Second Coming” has compromised over 19,000 public repositories. We detail the attacker’s mistake, the target packages, and mandatory security tips. First seen on hackread.com Jump to article: hackread.com/shai-hulud-npm-worm-supply-chain-attack/
-
Shai-Hulud worm returns, belches secrets to 25K GitHub repos
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/shai_hulud_npm_worm/
-
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/whatsapp-eternidade-trojan-self-propagates-brazil
-
IndonesianFoods worm: a massive spam campaign in the npm ecosystem
First seen on scworld.com Jump to article: www.scworld.com/brief/indonesianfoods-worm-uncovering-a-massive-spam-campaign-in-the-npm-ecosystem
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
New ‘IndonesianFoods’ worm floods npm with 100,000 packages
A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating large volumes of junk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-indonesianfoods-worm-floods-npm-with-100-000-packages/
-
“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages
A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
-
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the registry for nearly two years before detection. The campaign derives its distinctive name from its unique package naming scheme. The embedded…
-
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.”The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two…
-
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.”The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two…
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…