Self-Replicating Worm Compromising Hundreds of NPM Packages

An ongoing supply chain attack dubbed “Shai-Hulud” has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that the attackers control.
The post Self-Replicating Worm Compromising Hundreds of NPM Packages appeared first on Security Boulevard.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: #featured, attack, chain, Cloud Security, compromised, CrowdStrike, Cybersecurity, Data Privacy, Data Security, DevOps, dubbed, hundreds, Identity & Access, Incident Response, Malware, network security, news, npm package compromised, ongoing, packages, repository, Security Boulevard (Original), self-replicating worm, Shai-Hulud, ShaiHulud, Social - Facebook, Social - LinkedIn, Social - X, Spotlight, supply, Threat Intelligence

AndyC

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Risk Management in Banking: Leveraging AI and Advanced Analytics

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

What is secrets sprawl and how does it impact NHIs

INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling

Client ID Metadata Documents (CIMD): The Future of MCP Authentication

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Risk Management in Banking: Leveraging AI and Advanced Analytics

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

About Author

More Stories

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed