Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who run a compromised package and publishes them in a public GitHub repository which contains the name. The worm also uses npm authentication tokens stolen from the victims to perpetuate the cycle of infection and compromise, and compromised GitHub … More → The post Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack appeared first on Help Net Security.
http://news.poseidon-us.com/TN6WcX

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

Like this:

Related

More Posts

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

AI agents will be ‘gatekeepers of loyalty’ in hospitality: study

Macy’s bets on automation to drive retail revival

Why You Need Phishing Resistant Authentication NOW., (Tue, Sep 16th)

Senate Democrats raise concerns over Pentagon plan to use military lawyers as immigration judges

FabCon Vienna: Build data-rich agents on an enterprise-ready foundation

The importance of building security into modernization from day one

The importance of building security into modernization from day one

Public service is riskier than ever, and that impacts those who serve and those considering it

Public service is riskier than ever, and that impacts those who serve and those considering it

Share this:

Like this:

Related

More Posts