Shai-Hulud 2.0: over 14,000 secrets exposed
TL;DR: A new wave of the Shai-Hulud supply chain attack targeting NPM packages, dubbed “The Second Coming” by the...
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking...
Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads | Pierluigi Paganini | November 10, 2025 | Nine NuGet packages by...
Nov 07, 2025 | Ravie Lakshmanan | Supply Chain Attack / Malware | A set of nine malicious NuGet packages has been identified as capable...
Oct 29, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence | Cybersecurity researchers have discovered a set of 10 malicious npm packages that are...
Oct 14, 2025 | Ravie Lakshmanan | Malware / Typosquatting | Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that...
Oct 10, 2025 | Ravie Lakshmanan | Cybercrime / Malware | Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm...
New supply chain attack hits npm registry, compromising 40+ packages | Pierluigi Paganini | September 16, 2025 | Researchers uncovered a new supply...
An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm...
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that...
Sep 09, 2025 | Ravie Lakshmanan | Cryptocurrency / Software Security | Multiple npm packages have been compromised as part of a software supply chain...
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly...
Sep 06, 2025 | Ravie Lakshmanan | Software Security / Cryptocurrency | A new set of four malicious packages have been discovered in the npm...
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a...
Perpetrators persist in uploading deceptive packages to the npm registry to manipulate existing local copies of authentic libraries to run...