Hosted on MSN

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Hosted on MSN

Nx NPM packages poisoned in AI-assisted supply chain attack

Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.… According to researchers at Wiz ...
Security Boulevard

What a Rogue Package, a Ransomware Hit, and One Mistake Say About Cyber Risk Right Now

In September 2025, we saw a worm-style supply chain attack hit npm packages, a major ransomware incident in Brazil’s healthcare sector, an insider breach at a U.S. bank, and Cloudflare dealing with ...