Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware...

4 posts were published in the last hour 7:2 : Compromised GitHub Action Steals Workflow Credentials 7:2 : Popular GitHub Action Tags Redirected to...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud...

A massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by...

A new supply chain attack dubbed Mini Shai-Hulud has compromised more than 400 malicious versions across 170 software packages, with high-profile...

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers...

Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over...

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the...

A sprawling supply chain attack has put software developers worldwide on high alert after hackers compromised more than 170 npm packages and two PyPI...