Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks 2026-06-09 at 15:21 By Ionut Arghire The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from […]
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks Read More »
First Shai-Hulud Worm Clones Emerge 2026-05-18 at 12:57 By Ionut Arghire At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
First Shai-Hulud Worm Clones Emerge Read More »
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 2026-05-15 at 14:32 By Ionut Arghire The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code Read More »
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom 2026-05-01 at 10:33 By Ionut Arghire The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million. The post 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Read More »
SAP NPM Packages Targeted in Supply Chain Attack 2026-04-30 at 17:35 By Ionut Arghire The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. The post SAP NPM Packages Targeted in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
SAP NPM Packages Targeted in Supply Chain Attack Read More »
Bitwarden NPM Package Hit in Supply Chain Attack 2026-04-24 at 11:27 By Ionut Arghire Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Bitwarden NPM Package Hit in Supply Chain Attack Read More »
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM 2026-02-24 at 15:47 By Ionut Arghire The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch. The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM Read More »
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist 2025-12-31 at 14:09 By Ionut Arghire The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist Read More »
640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack 2025-11-25 at 12:58 By Ionut Arghire The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek. This article is an
640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack Read More »
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit 2025-09-17 at 16:04 By Ionut Arghire The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Read More »