Shai-Hulud Worm Strikes npm Packages — 132M Downloads Affected

The Shai-Hulud worm has compromised over 800 npm packages, affecting 132 million monthly downloads. This sophisticated attack occurred just before npm's deadline to revoke classic tokens, targeting developers unprepared for the transition. The worm uses TruffleHog to scan for exposed secrets and publishes them to a public GitHub repository. It also attempts to propagate itself by publishing malicious copies to npm, potentially causing widespread damage. Major technology organizations, including AsyncAPI and PostHog, have been affected, highlighting the need for better secret management and active threat monitoring.

Latest mentioned: 11-25

Earliest mentioned: 11-24

Sources

gbhackers.com theregister.com hackread.com thecyberexpress.com gbhackers.com cyberscoop.com

Also Read

RomCom Malware Targets Engineering Firm via SocGholish

The RomCom malware group targeted a civil engineering company using the SocGholish JavaScript loader to deliver the Mythic Agent. This marks the first observed instance of RomCom using SocGholish for distribution. The attack, attributed to a military unit, aimed at entities with ties to a specific region. The infection chain involved fake browser updates and a custom Python backdoor, highlighting the blend of cybercrime and espionage tactics.

11-26Read more →