Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud...

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware...

A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an...

A new supply chain attack dubbed Mini Shai-Hulud has compromised more than 400 malicious versions across 170 software packages, with high-profile...

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new...

Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over...

A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm...

Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed...

A new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive...